This is true. But where do you stop? What happens if somebody hacks login
and starts sending your keystrokes over the net? Or iptables, which tricks
you into believing everything is being blocked properly, or one of your cron
scripts? :)

And I need a way to monitor file system changes. I could write my own `find'
script, and hide it in some obscure directory that wouldn't be noticed, and
hire somebody at $0.05/hr to log in and run it manually every day, and then
delete ~/.bash_history :)

I think it's safe to say that once a hacker gets root, you're finished.

At the moment, I'll try to make things as secure as I can, and when I get
hacked again hopefully I'll have more experience to build a more secure box.
I'll probably use Debian the 3rd or 4th time around. _Anything_ is better
than what I had :) I didn't take security seriously before because it was
too time-consuming and I was busy learning other things. This newfound
attitude and motivation will benefit me in the long run :)

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
James Gregory
Sent: Wednesday, 18 December 2002 13:22
To: Minh Van Le
Cc: [EMAIL PROTECTED]
Subject: Re: [SLUG] General question Re: Securing Redhat Linux


[snip]

btw - you wanna be careful with tripwire et al. What happens when
someone hacks your box and replaces the tripwire executable with one
that sends an email at the allotted time intervals reporting that
everything is ok? It's better than nothing, but don't rely on it.

HTH

James.

-- 
SLUG - Sydney Linux User's Group - http://slug.org.au/
More Info: http://lists.slug.org.au/listinfo/slug
