Re: [Tiger-devel] CVS Tiger patches 20030926
From: Javier Fernández-Sanguino Peña
Subject: Re: [Tiger-devel] CVS Tiger patches 20030926
Date: Tue, 25 Nov 2003 08:28:20 +0100
User-agent: Mutt/1.5.4i
On Tue, Nov 25, 2003 at 02:41:37AM +0100, unspawn wrote:
> > > 5. Task #1643: Include checks for RedHat using rpm -VA Even though
> >
> > [BTW, did you provide a patch with this one, I don't find it in the
> > tar.gz] Even if not on read-only media, an rpm -VA database is still
> No, but I'll code one. I think a config switch for selecting scanning
> of just sys/user binary + config dirs or "full scan" would do best.
I'm not sure including config dirs is a good idea, since they might be
modified by the user and/or scripts. At least that's why the
systems/Linux/2/deb_checkmd5sums (same concept implemented for Debian)
avoids conffiles completely.
> > Notice, however, that many rootkits will use extended attributes to
> > block changes of files modified by rootkits so I would not rely too much
> > on that check.
> Yeah, if we're up against a syscall-modifying entity then any output will
> be of lesser or no value. From moderating part of LinuxQuestions.org I
> can say it's a sad thing to see a lot of majority of Linux users running
> their boxen w/o any filesystem integrity scanning, OTOH it's quite funny
> to see how RK's like SuckIT can fsck up spitting out error messages :-]
The main issue I believe is users setting up systems without a proper
partitioning scheme that enables them to 'ro' /usr, for example. In any
case, part of the blame is probably on the distribution side since this is
something that could be more or less automated.
> > It would be wise to do this check for /usr, /bin and /sbin at least.
> > It could also warn the user if /tmp is in the same partition as / (or if
> > /home is). I think an "advisor" of improper partition setups would
> > really be useful. Care to code it? :-)
>
> I'll code one. Should be fun.
Great! Thanks.
Javi
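The partition "advisor" discussed in this message, sketched as an added example; it is not code from Tiger or from either poster. It assumes a mount table in the /proc/mounts layout and reads "this check" as "is the filesystem holding the directory mounted read-only"; the function names and the sample table are constructed.

```shell
#!/bin/sh
# Added example: partition-layout advisor sketch (hypothetical, not Tiger code).
# Table layout follows /proc/mounts: device mountpoint fstype options dump pass

# holding_mount TABLE_TEXT PATH -> "mountpoint options" of the filesystem that
# contains PATH, i.e. the longest mount point that is a path prefix of PATH.
holding_mount() {
    printf '%s\n' "$1" | awk -v p="$2" '
        {
            mp = $2
            hit = (mp == "/" || p == mp || index(p, mp "/") == 1)
            # ">=" lets a later mount on the same mount point win
            if (hit && length(mp) >= length(best)) { best = mp; opts = $4 }
        }
        END { if (best != "") print best, opts }'
}

# partition_advice TABLE_TEXT -> one WARN line per finding, nothing if clean.
partition_advice() {
    table=$1
    # Binary directories: warn when the holding filesystem is not mounted ro.
    for dir in /usr /bin /sbin; do
        info=$(holding_mount "$table" "$dir")
        mp=${info%% *}; opts=${info#* }
        case ",$opts," in
            *,ro,*) ;;
            *) echo "WARN $dir is on $mp, which is mounted read-write" ;;
        esac
    done
    # User-writable directories: warn when they live on the root filesystem.
    for dir in /tmp /home; do
        info=$(holding_mount "$table" "$dir")
        if [ "${info%% *}" = "/" ]; then
            echo "WARN $dir shares a partition with /"
        fi
    done
    return 0
}

# Constructed sample table: /usr is read-only, /tmp has no partition of its own.
SAMPLE='/dev/sda1 / ext3 rw 0 0
/dev/sda2 /usr ext3 ro,nodev 0 0
/dev/sda3 /home ext3 rw,nosuid,nodev 0 0'

partition_advice "$SAMPLE"
```

On a live system the table would come from `partition_advice "$(cat /proc/mounts)"`.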