Genroo rsync Server Compromised
Ken Moffat
kmoffat
Mon May 17 11:56:29 PDT 2004
Bruce Marshall wrote:
>On Wed December 3 2003 08:12 pm, James McDonald wrote:
>
>
>>I noticed the Genroo typo, and it made me start thinking of an all
>>australian linux distribution. For the those that have no idea what I am
>>talking about 'roo' is the slang term we use for Kangaroos.
>>
>>Would tripwire be one of the tools that an admin uses to detect exploits
>>hitting a box? If so who on the list is using it and do they have `real
>>world' experience of it's effectiveness?
>>
>>
>
>I've used it.... it works.
>
>But setting it up is a chore (getting error messages of files that don't exist
>on your distro or files that change regularly) It can be done...
>
>However, you'll find that you get so many messages of file changes that you
>most likely will soon not pay attention to them.
>
>
>
>
Exactly the problem I'm having. I just set up tripwire, and the output
includes all of /proc, some of /var/log, 171790 is the file size of the
report! This is the default debian configuration, and will be modified
if I keep using it, but wow! too much!
--
Ken
More information about the Linux-users
mailing list