[1086] in bugtraq
Re: snooper watchers
daemon@ATHENA.MIT.EDU (Eiji Hirai)
Fri Feb 24 19:55:37 1995
Date: Fri, 24 Feb 1995 18:53:20 -0500
From: Eiji Hirai <eiji@netmarket.com>
In-Reply-To: Ben Taylor <bent@snm.com> "Re: snooper watchers" (Feb 24, 11:33am)
To: bugtraq@fc.net
At Feb 24, 11:33am, Ben Taylor <bent@snm.com> tapped on the keyboard:
: > Are you going to write a program that checks to see if root's cronjob has
: > been modified? Probably not, and if someone has access to /dev/nit, they're
: > going to have access to root's cronjob as well.
:
: I suppose if you really wanted to make sure that crontab entries couldn't
: be changed is to put them on a write protected floppy, mounted at boot.
The best thing to do is to run tripwire from a read-only device (like a
floppy) from which you can check the integrity of any number of files,
like crontab.
ftp://coast.cs.purdue.edu/pub/COAST/Tripwire
--
Eiji Hirai
The NetMarket Company
eiji@netmarket.com
