Bugtraq mailing list archives
Re: snooper watchers
From: tim () cs columbia edu (Timothy Jones)
Date: Mon, 27 Feb 1995 01:14:25 +0100 (MET)
Has anyone built a system sharing a dual-ported disk between the server (checkee) and another machine that runs something like tripwire (checker)? Obviously, the checker shouldn't be attached to the 'net... Tim Gene Rackow writes:
If I turn the paranoid mode up a notch or two here.. What is to stop someone from mounting another filesystem over the top of your tripwire database and crontab entries. Replace the mount and df commands to not show the new mount point. Now you continue to believe that you are a happy camper, all safe and secure. You really need to do a seperation of the checkee from the checkor. If someone has root access on the machine, the could basicly do anything that is needed to cover their tracks.
Current thread:
- Re: snooper watchers, (continued)
- Re: snooper watchers Ben Taylor (Feb 24)
- Re: snooper watchers Charles Stephens (Feb 23)
- Re: snooper watchers mascarkp () cc3 adams edu (Feb 24)
- Re: snooper watchers Eiji Hirai (Feb 24)
- Re: snooper watchers Gene Rackow (Feb 25)
- Re: snooper watchers Timothy Newsham (Feb 25)
- Re: snooper watchers Darren Reed (Feb 25)
- Re: snooper watchers Dr. Frederick B. Cohen (Feb 25)
- Re: snooper watchers Gene Rackow (Feb 25)
- Re: snooper watchers smb () research att com (Feb 26)
- Re: snooper watchers der Mouse (Feb 26)
- Re: snooper watchers Timothy Jones (Feb 26)
- Re: snooper watchers Leo Bicknell (Feb 26)
- Re: snooper watchers Christopher Samuel (Feb 27)
- No Subject Nicholas West (Feb 26)
- Re: snooper watchers Peter Wemm (Feb 27)
- Re: snooper watchers Leo Bicknell (Feb 26)