[plug] The Community's gone Crackers
Raven
ian.kent at pobox.com
Wed Aug 30 21:15:02 WST 2000
Christian wrote:
> On Wed, Aug 23, 2000 at 10:57:48AM +0800, skribe wrote:
>
> > Is it technically possible to forge the rpmdb so that even this doesn't
> > show up the compromised progs? For example, installing your own version of
> > the rpm package. Or rewriting the info in the db so the discrepancies
> > don't show up. I'm not sure the latter is even possible practically, but
> > theoretically it is something to consider.
> >
> It's absolutely possible. In fact, there quite possibly is a root kit
> out there which does this. There are several solutions to getting
> verifiably secure audit trails and not all of them are 100% foolproof.
Strange nobody mentioned tripwire!
--
,-._|\ Ian Kent
/ \ Perth, Western Australia
*_.--._/ E-mail: ian.kent at pobox.com, raven at plug.linux.org.au
v Web: http://pobox.com/~ian.kent