Anti-Rootkit app
Tim Clewlow
tim1timau at yahoo.com
Mon Jan 14 16:15:51 PST 2008
--- Dan Lukes <dan at obluda.cz> wrote:
> >> I need to install an anti-rootkit
>
> If I understand correctly, an intruder needs to be superuser to be able
> to install a rootkit.
>
> If our intruders have superuser privileges, they can tamper with any
> anti-rootkit.
>
> Is the main reason to install an anti-rootkit that we count on the
> intruders being too dumb to look for one of the ports' anti-rootkit
> packages before they do their dirty work?
>
> Or am I missing something important?
>
> Dan

One solution would be to have /var/log/auth.log being tailed out via a serial
port to another computer that is not accessible via a network - or have it sent
to a printer for a permanent hard-copy. It all depends on how much you really
want to do in regard to security.

Cheers, Tim.
More information about the freebsd-security
mailing list