Genroo rsync Server Compromised
Collins Richey
erichey2
Mon May 17 11:56:29 PDT 2004
On Wed, 03 Dec 2003 18:40:16 -0800 Ken Moffat <kmoffat at drizzle.com> wrote:
> Bruce Marshall wrote:
>
> >On Wed December 3 2003 08:12 pm, James McDonald wrote:
> >
> >
> >>I noticed the Genroo typo, and it made me start thinking of an all
> >>australian linux distribution. For the those that have no idea what I am
> >>talking about 'roo' is the slang term we use for Kangaroos.
> >>
> >>Would tripwire be one of the tools that an admin uses to detect exploits
> >>hitting a box? If so who on the list is using it and do they have `real
> >>world' experience of it's effectiveness?
> >>
> >>
> >
> >I've used it.... it works.
> >
> >But setting it up is a chore (getting error messages of files that don't
> >exist on your distro or files that change regularly) It can be done...
> >
> >However, you'll find that you get so many messages of file changes that you
> >most likely will soon not pay attention to them.
> >
> >
> >
> >
> Exactly the problem I'm having. I just set up tripwire, and the output
> includes all of /proc, some of /var/log, 171790 is the file size of the
> report! This is the default debian configuration, and will be modified
> if I keep using it, but wow! too much!
>
I've never used tripwire, but surely there is a method to exclude certain
directories/filesystems from the scan!?
--
Collins Richey - Denver Area
if you fill your heart with regrets of yesterday and the
worries of tomorrow, you have no today to be thankful for.
More information about the Linux-users
mailing list