honeynet's immense work at: www.honeynet.org
Yes, Tripwire or AIDE is what you need for sure.
As far as the files are concerned, mostly the files used for routine admin purposes are
changed by intruders.
If you look at major rootkits, they mostly replace the following files:
ps
ls
w
/bin/login
s

What you are asking for is impossible. The exploits are discovered and
passed around all the time...
What you should consider is a file integrity assessment application. We use
Tripwire and it is good. The docs are available from the files area on their
sourceforge website.
That, plus a well co

Can anybody point me to a list or email me a list of the files on a Red Hat
system that are the files that hackers would replace if they got
in. Basically, I want to be able to restore these files easily if I ever
need to. If I have a list of them that I can back up, then it would be
easier t