> If they root your box, they could mess with your gpg keyring and/or binary. > They could just spew out fake emails that say the thing was checked, and > even spin the floppy disk in case you were watching to make sure it was > doing a "real" check.
OK, I give up. ;-) > You can't use a possibly-cracked machine to check itself, unless you are > checking for breakins on non-root accounts. (e.g. web page defacement if > they got in through httpd.) Agreed... or if only one machine is available, we're back to periodically booting from a safe, known, bootable CD-R with a kernel, a copy of the checksums and all of required binaries on it (which is fine unless someone broke into my house and replaced the CD-R ;-)). I guess I'll stick with what I have (i.e. the RO floppy) and hope that the script kiddie isn't thinking that far ahead (the last one that got through onto a previous RedHat box of mine wasn't, fortunately). KEN -- Kenneth J. Pronovici <[EMAIL PROTECTED]> Personal Homepage: http://www.skyjammer.com/~pronovic/ "The phrase, 'Happy as a clam' has never really held much meaning for me."