[2188] in linux-security and linux-alert archive
[linux-security] Re: You got some 'splaininn to do Lucy ;-)
daemon@ATHENA.MIT.EDU (Crispin Cowan)
Sat Jul 31 03:47:14 1999
Date: Sat, 31 Jul 1999 01:28:29 +0000
From: Crispin Cowan <crispin@cse.ogi.edu>
To: linux-security@redhat.com
Resent-From: linux-security@redhat.com
Resent-Reply-To: linux-security@redhat.com
John Summerfield wrote:
> > This has been my personal experience. My Linux and FreeBSD boxes are very
> > secure never had a single problem. The Win machines I'm amazed when they
>
> Without an audit trail, how would you know?
>
> Some versions of BIND had a bug that allowed hackers root access. Other than
> BIND mysteriously crashing, you'd never know it happened. Someone could
> have made off with a copy of some sensitive information without you ever
> knowing it had been accessed: with an audit trail, you might at least
> discover it had been read by someone who shouldn't.

While it is true that you need *some* kind of host-based intrusion detection to
know that your host has been secure, it is not true that you need Orange Book
Auditing[tm] to do intrusion detection. Counter-example: if you used Tripwire
to periodically check the integrity of your host, then you could detect
intrusions without Orange Book style auditing.

Caveat: I mean use Tripwire *properly*. Don't bother whining about the myriad
ways it can be used improperly, that's not the point :-)

Crispin
-----
Crispin Cowan, Research Assistant Professor of Computer Science, OGI
NEW: Protect Your Linux Host with StackGuard'd Programs :FREE
http://www.cse.ogi.edu/DISC/projects/immunix/StackGuard/
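
Added example, not part of the message above and not Tripwire's own code: an illustration of the periodic integrity check the reply describes, where a recorded baseline of file hashes is compared against the current state of the host. It assumes that one part of using such a check properly is keeping the baseline where an intruder cannot silently rewrite it, modeled here with an HMAC whose key is held off the monitored host; all function names, the key and the sample files are constructed for the example.

```python
import hashlib, hmac, json, tempfile
from pathlib import Path

def snapshot(root):
    """Map each regular file under root to [sha256, mode, size]."""
    state = {}
    for path in Path(root).rglob("*"):
        if path.is_symlink() or not path.is_file():
            continue  # hash regular files only
        st = path.stat()
        digest = hashlib.sha256(path.read_bytes()).hexdigest()
        state[str(path.relative_to(root))] = [digest, st.st_mode, st.st_size]
    return state

def seal(state, key):
    """Serialize a baseline and append an HMAC-SHA256 tag over it."""
    body = json.dumps(state, sort_keys=True).encode()
    return body + b"\n" + hmac.new(key, body, hashlib.sha256).hexdigest().encode()

def unseal(blob, key):
    """Return the baseline, or raise if it was altered since seal()."""
    body, _, tag = blob.rpartition(b"\n")
    want = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    if not hmac.compare_digest(tag, want):
        raise ValueError("baseline failed authentication")
    return json.loads(body)

def compare(baseline, current):
    """Return (added, removed, changed) lists of relative paths."""
    old, new = set(baseline), set(current)
    changed = sorted(p for p in old & new if baseline[p] != current[p])
    return sorted(new - old), sorted(old - new), changed

def demo():
    key = b"constructed-demo-key"  # assumption: the real key never lives on the host
    with tempfile.TemporaryDirectory() as root:
        for name, data in (("named", b"v1"), ("passwd", b"root:x:0:0")):
            Path(root, name).write_bytes(data)  # constructed sample files
        sealed = seal(snapshot(root), key)
        for name, data in (("named", b"v2"), ("extra", b"x")):
            Path(root, name).write_bytes(data)  # constructed unauthorized changes
        diff = compare(unseal(sealed, key), snapshot(root))
        try:
            unseal(sealed.replace(b"passwd", b"shadow"), key)  # edited baseline
            caught = False
        except ValueError:
            caught = True
        return diff, caught
```

The replaced `named` file keeps its size and mode, so only the content hash reveals the change; a check that compared size and timestamps alone would miss it.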