Meaning of TripWire

From: F. Winter (winter@PHYSnet.uni-hamburg.de)
Date: Fri Oct 04 2002 - 09:48:23 EDT


Hi admins,

 Is there a commonly used tool to check whether the binary
files in /usr/bin or /usr/sbin have been changed, for example
by an attacker, or whether log files have been shrunk? And if so, then
the tool will send a mail to the admin according to what was changed.

 I know that TripWire can do this task. But is there different
software that can do this? Do you think setting up a cron job
will do this the easiest way!?

 Don't want to use TripWire, because I only got the Academic
Software Release 1.3 to work and not the newer rewrites from
version 2.0 on.

 Another thought coming to my mind is: what is TripWire useful for?
If an attacker got root access on a machine, he/she will manipulate
the DB TripWire uses to hide his/her dark actions. So it could be
a tool to make oneself feel safe, but the machine is in a compromised
state.

--
 Frank Winter          Tel.: +(49)-40-42838-2404
 PHYSnet RZ            Email: winter@PHYSnet.uni-hamburg.de
 Uni Hamburg
 Jungiusstr. 9
 D-20355 Hamburg
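
The two points raised in this message (a cron-driven check for changed binaries and shrunk logs, and a root attacker rewriting the checker's own database) are illustrated here as an added example that is not part of the original post. It assumes GNU coreutils `sha256sum`; the function names are hypothetical, and the "seal" is assumed to be stored off the monitored host.

```shell
#!/bin/sh
# Added example (constructed); function and file names are hypothetical.
# Run from cron: cron mails anything the job prints to the job's owner.

# Print a baseline: one "digest  path" line per regular file under the dirs.
fim_baseline() {
    find "$@" -type f -exec sha256sum {} + | sort -k 2
}

# Digest of the baseline file itself. Keep this value off the monitored host
# (read-only media, another machine) so root on the host cannot rewrite it.
fim_seal() {
    sha256sum < "$1" | cut -d ' ' -f 1
}

# fim_check BASELINE TRUSTED_SEAL
# Returns 0 = clean, 1 = a listed file changed or is missing,
#         2 = the baseline itself no longer matches the trusted seal.
fim_check() {
    if [ "$(fim_seal "$1")" != "$2" ]; then
        echo "baseline $1 does not match trusted seal" >&2
        return 2
    fi
    # --quiet prints only the entries that fail verification.
    if sha256sum -c --quiet "$1" 2>/dev/null; then
        return 0
    fi
    return 1
}

# log_shrunk STATEFILE LOGFILE
# Returns 0 if LOGFILE is smaller than at the previous call, 1 otherwise,
# and records the current size for the next run.
log_shrunk() {
    now=$(wc -c < "$2" | tr -d ' ')
    prev=$(cat "$1" 2>/dev/null || echo 0)
    echo "$now" > "$1"
    [ "$now" -lt "$prev" ]
}
```

This check only covers files listed in the baseline, so newly added files go unnoticed, and a legitimately rotated log also reports as shrunk.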


This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:48:55 EDT