Mark
On Friday, October 18, 2002, at 12:25 PM, Andrew MacKenzie wrote:
+++ Thomas Ribbrock [RedHat] [Fri, Oct 18, 2002 at 12:12:33PM +0200]:Don't knock it. *Knowing* whether you may or may not have been hacked isOn Fri, Oct 18, 2002 at 10:04:46AM +0100, Nick Lindsell wrote:Ok, so lets say I have the original Tripwire DB on a read-only mediumThe Tripwire documentation suggests that the database be held on a floppy which is then write-protected - should prevent a blackhat getting to it.
(CD-ROM would work, too, I suppose). But it still only tells me about
problems *after* the damage has been done, right? Tripwire does nothing to
*prevent* an attack, or am I missing something here? So, the main (only?)
use would be to serve as a warning system a la "This system probably has
been hacked!", right?
half the battle. What good is updating and maintaining security if you were
compromised three months ago and didn't know it? Tripwire and monitoring
your log files are good habits. Be vigilant.
--
// Andrew MacKenzie | http://www.edespot.com
// Sleep: n. slEp
// A completely inadequate substitute for caffeine.
<mime-attachment>
-- redhat-list mailing list unsubscribe mailto:redhat-list-request@;redhat.com?subject=unsubscribe https://listman.redhat.com/mailman/listinfo/redhat-list
