Re: snooper watchers

• Messages sorted by: [ date ][ thread ][ subject ][ author ]
• Next message: Dr. Frederick B. Cohen: "Re: snooper watchers"
• Previous message: Stephen D. Williams: "Re: another Web bitchout"
• In reply to: Timothy Newsham: "Re: snooper watchers"
• Next in thread: Dr. Frederick B. Cohen: "Re: snooper watchers"

[...]
> Btw an easier attack is to just modify the script that regularly runs
> tripwire, usually run from cron.
> 
> > You really need to do a seperation of the checkee from the checkor.
> > If someone has root access on the machine, the could basicly do anything
> > that is needed to cover their tracks.
> 
> This is why manual checks should still be done, but this is not why
> automatic checking should be given up.
> 
>                                      Tim N.

Something I was thinking of, what if you have two hosts, which don't
trust each other in any way, set them up to use a network filesystem
of sorts and run tripwire on the "other" host.  So for host A, tripwire
would run on host B and for host B, tripwire would run on host A.

darren

• Next message: Dr. Frederick B. Cohen: "Re: snooper watchers"
• Previous message: Stephen D. Williams: "Re: another Web bitchout"
• In reply to: Timothy Newsham: "Re: snooper watchers"
• Next in thread: Dr. Frederick B. Cohen: "Re: snooper watchers"