Re: snooper watchers

Dr. Frederick B. Cohen (fc@all.net)
Sun, 26 Feb 1995 00:13:01 -0500 (EST)

> 
> > If I turn the paranoid mode up a notch or two here..
> > What is to stop someone from mounting another filesystem over the top of
> > your tripwire database and crontab entries?  Replace the mount and df
> > commands to not show the new mount point.  Now you continue to believe
> > that you are a happy camper, all safe and secure.

...
> 
> Btw an easier attack is to just modify the script that regularly runs
> tripwire, usually run from cron.
...
> 
>                                      Tim N.
> 

	This whole set of issues has been researched in some depth and
partially solved - partially proven unsolvable.  See "Defense in Depth
Against Computer Viruses" and "Program Evolution for Operating System
Security" - both in the IFIP-TC11 Journal Computers and Security -
I won't bother to tell you who the author was - FC
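
A defender-side check for the overmount scenario quoted above, added here as an example; it is not part of the original message. It reads mount state in `/proc/self/mountinfo` format instead of trusting the `mount` and `df` binaries. The protected paths, device names, baseline and sample data are all constructed assumptions.

```python
# Constructed sample in /proc/self/mountinfo format (not from a real host).
SAMPLE_MOUNTINFO = """\
21 1 8:1 / / rw,relatime - ext4 /dev/sda1 rw
22 21 0:20 / /proc rw,nosuid - proc proc rw
23 21 8:2 / /var rw,relatime - ext4 /dev/sda2 rw
40 23 0:35 / /var/lib/tripwire rw,relatime - tmpfs tmpfs rw
41 23 8:2 /spool/cron.bak /var/spool/cron rw,relatime - ext4 /dev/sda2 rw
"""

# Hypothetical known-good baseline: path -> (mount point, fs root, source).
BASELINE = {
    "/var/lib/tripwire/site.db": ("/var", "/", "/dev/sda2"),
    "/var/spool/cron/root": ("/var", "/", "/dev/sda2"),
    "/etc/passwd": ("/", "/", "/dev/sda1"),
}

def parse_mountinfo(text):
    mounts = []
    for line in text.splitlines():
        left, sep, right = line.partition(" - ")
        pre, post = left.split(), right.split()
        if not sep or len(pre) < 6 or len(post) < 2:
            continue  # skip malformed lines
        # pre: id, parent id, major:minor, root, mount point, options, ...
        mounts.append({"root": pre[3], "point": pre[4], "source": post[1]})
    return mounts

def effective_mount(mounts, path):
    best = None
    for m in mounts:
        mp = m["point"]
        covers = mp == "/" or path == mp or path.startswith(mp + "/")
        # ">=" lets a later mount stacked on the same point win the tie
        if covers and (best is None or len(mp) >= len(best["point"])):
            best = m
    return best

def audit(text, baseline):
    findings = []
    for path, expected in sorted(baseline.items()):
        m = effective_mount(parse_mountinfo(text), path)
        actual = (m["point"], m["root"], m["source"]) if m else None
        if actual != expected:  # something else now serves this path
            findings.append((path, expected, actual))
    return findings

if __name__ == "__main__":
    for path, expected, actual in audit(SAMPLE_MOUNTINFO, BASELINE):
        print(f"SHADOWED {path}: expected {expected}, served by {actual}")
```

On a live host the input would be the contents of `/proc/self/mountinfo`, read by an interpreter run from trusted media. A kernel-level compromise can still falsify that file, so this narrows the problem rather than closing it.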