Fedora Core 2 Update: ppp-2.4.2-3.FC2.1
Pedro Fernandes Macedo
webmaster at margo.bijoux.nom.br
Sun Jul 11 05:22:49 UTC 2004
Jim Cornette wrote:
> Pedro Fernandes Macedo wrote:
>
>> At the place where I worked, we used both checkrootkit (which gave
>> good results on distros without NPTL) and integrit. The bad thing
>> about integrit is learning to see what you changed (through updates
>> and changes in configurations) and what an invader changed.... This is
>> really problematic when you do a massive upgrade (or when you upgrade
>> a big package, like xorg, for instance) and you end with an integrit
>> report with 2000+ files changed in the system...
>
>
> Thanks for the tips. Digging through 2000+ reported changes does not
> sound like a picnic. I guess my paranoid approach regarding not doing
> on-line transactions is my safest bet. I'll check out integrit to see
> how this program fares.
>
Just remembered what we used to do to make our lives easier at work...
We disabled any automatic system updates (this way, you know exactly
what you change on the machine). After each manual update or
reconfiguration, integrit is run again to update its database... This
way, if for some reason you receive a message containing unexpected
changes, then it's probably an invasion.
--
Pedro Macedo
(who used to be paranoic, but got tired of it... :) )
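
The re-baseline-after-every-known-change workflow described in this message, as an added example that is not part of the original post and does not use integrit itself: a plain SHA-256 snapshot stands in for the integrity database. The function names, file paths and file contents are hypothetical and constructed for the demonstration.

```python
import hashlib, os, tempfile

def snapshot(root):
    """Map each regular file under root (relative path) to its SHA-256 digest."""
    db = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if os.path.islink(path) or not os.path.isfile(path):
                continue  # only regular files are hashed in this sketch
            with open(path, "rb") as fh:
                db[os.path.relpath(path, root)] = hashlib.sha256(fh.read()).hexdigest()
    return db

def compare(baseline, current):
    """Return sorted lists of added, removed and modified paths."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified = sorted(p for p in baseline.keys() & current.keys()
                      if baseline[p] != current[p])
    return added, removed, modified

def demo():
    """Constructed scenario: one planned update, then one unplanned change."""
    with tempfile.TemporaryDirectory() as root:
        def write(rel, data):
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(data)
        write("etc/ppp/options", b"lock\n")
        write("usr/sbin/pppd", b"constructed build A\n")
        baseline = snapshot(root)
        # Planned manual update: the admin expects exactly this file to change.
        write("usr/sbin/pppd", b"constructed build B\n")
        after_update = compare(baseline, snapshot(root))
        baseline = snapshot(root)  # re-baseline right after the known change
        # Later, with no update on record, files change anyway.
        write("etc/ppp/options", b"lock\nnoauth\n")
        write("usr/sbin/.hidden", b"unexpected\n")
        unexpected = compare(baseline, snapshot(root))
        return after_update, unexpected

if __name__ == "__main__":
    planned, unexpected = demo()
    print("after planned update:", planned)
    print("next scheduled check:", unexpected)
```

Because the baseline is refreshed immediately after the planned update, the second report contains only the two changes nobody made on purpose. In practice the stored baseline should be kept where the monitored host cannot rewrite it.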