On Jul 10, 2007, at 1:13 PM, Sven Hoexter wrote:
Else, what can I use to test integrity of my system?
apt-get install aide, tripwire or one of the similar tools and learn how
to use them.
To be honest, I think the value of these tools as they're usually
applied* is quite dubious. A hacker with enough access to install a
rootkit could also trojan tripwire or aide so that it doesn't report
the security breach. As such I think you can get a false sense of
security. The same criticism applies to rkhunter and chkrootkit, of
course.
* The exception is if tripwire or aide is used after booting from a
read-only medium (such as a live CD) and uses checksums that are also
retrieved from read-only media. But few people do it this way
because it's a lot of work to maintain and requires taking the
machine down to do a check.
David Brodbeck
Information Technology Specialist 3
Computational Linguistics
University of Washington
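
The offline check described in the footnote above, as an added example that is not part of the original message: it hashes every regular file under a root directory and compares the result with a baseline. The function names are hypothetical, and it assumes the interpreter runs from a trusted boot environment with the suspect disk mounted and the baseline loaded from read-only media; here a constructed temporary tree stands in for both.

```python
import hashlib
import os
import stat
import tempfile

def hash_file(path):
    """SHA-256 of a file, read in chunks so large binaries are fine."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def snapshot(root):
    """Map relative path -> (sha256, permission bits) for regular files."""
    result = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            st = os.lstat(full)
            if not stat.S_ISREG(st.st_mode):
                continue  # symlinks and special files are not hashed here
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            result[rel] = (hash_file(full), stat.S_IMODE(st.st_mode))
    return result

def compare(baseline, current):
    """Report files whose hash or mode changed, disappeared, or appeared."""
    return {
        "changed": sorted(p for p in baseline if p in current and baseline[p] != current[p]),
        "missing": sorted(p for p in baseline if p not in current),
        "added": sorted(p for p in current if p not in baseline),
    }

def demo():
    """Constructed sample tree standing in for the offline-mounted root."""
    with tempfile.TemporaryDirectory() as root:
        def write(rel, data):
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as f:
                f.write(data)
        write("bin/ls", b"original ls")
        write("bin/ps", b"original ps")
        write("etc/motd", b"hello")
        baseline = snapshot(root)           # in practice: read from read-only media
        write("bin/ps", b"replaced ps")     # a binary modified after the baseline
        write("lib/extra.so", b"new file")  # a file the baseline never contained
        os.remove(os.path.join(root, "etc/motd"))
        return compare(baseline, snapshot(root))
```
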