On Fri, 18 Sep 1998, Warner Losh wrote: > In message <199809181149.HAA21721at_private> "Charles > M. Hannum" writes: > : > : > You should have md5 checksums of files that you are concerned about, > : > as timestamps are useless in the face of a good attacker. > : > : Rubbish! A checksum doesn't tell me that someone hadn't temporarily > : replaced the file and has now put the original back. > > Ummm, you still can't tell that for a competant attacker. A good > attacker can set the system time, frob the file, set it back let time > pass and then do the same thing to get the original back. You'd never > know. Irix has a nice 'feature' named fam (at least irix 6.4). fam==file alteration monitor and it will detect any file change and even more. I don't know how this works, but it works. I don't know if there is something similar to other OSs. > Warner <<V13>>
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:17:01 PDT