Genroo rsync Server Compromised

Bruce Marshall bmarsh
Mon May 17 11:56:31 PDT 2004


On Wed December 3 2003 10:42 pm, Collins Richey wrote:
> On Wed, 03 Dec 2003 18:40:16 -0800 Ken Moffat <kmoffat at drizzle.com> wrote:
> > Bruce Marshall wrote:
> > >On Wed December 3 2003 08:12 pm, James McDonald wrote:
> > >>I noticed the Genroo typo, and it made me start thinking of an all
> > >>Australian Linux distribution. For those that have no idea what I
> > >> am talking about 'roo' is the slang term we use for Kangaroos.
> > >>
> > >>Would tripwire be one of the tools that an admin uses to detect
> > >> exploits hitting a box? If so who on the list is using it and do they
> > >> have `real world' experience of its effectiveness?
> > >
> > >I've used it....  it works.
> > >
> > >But setting it up is a chore (getting error messages of files that don't
> > >exist on your distro  or files that change regularly)  It can be done...
> > >
> > >However, you'll find that you get so many messages of file changes that
> > > you most likely will soon not pay attention to them.
> >
> > Exactly the problem I'm having. I just set up tripwire, and the output
> > includes all of /proc, some of /var/log, 171790 is the file size of the
> > report! This is the default debian configuration, and will be modified
> > if I keep using it, but wow! too much!
>
> I've never used tripwire, but surely there is a method to exclude certain
> directories/filesystems from the scan!?

Yes there is....   it's just a matter of going through and negating them all.  
And there can be a lot of files to negate.



-- 
+----------------------------------------------------------------------------+
+ Bruce S. Marshall  bmarsh at bmarsh.com  Bellaire, MI         12/04/03 09:45  +
+----------------------------------------------------------------------------+
"A man who seeks truth and loves it must be reckoned precious to any human
  society." - Frederick the Great.
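
The policy clean-up discussed in this thread can be scripted. The sketch below is an added example, not code from any poster or from the Tripwire project: it comments out rules whose path does not exist on the host or that the admin wants dropped, and turns an excluded sub-path into a Tripwire stop point (`!path ;`). The function name, the sample policy and the excluded paths are constructed assumptions; only single-line `/path -> $(Mask) ;` rules are handled.

```python
import os
import re

# A simple one-line Tripwire policy rule:  /path -> $(Mask) ;
RULE = re.compile(r'^\s*(/[^\s;]*)\s*->')

# Constructed sample policy fragment (not taken from any real distribution).
SAMPLE_POLICY = """\
/etc/passwd -> $(ReadOnly) ;
/etc/rc.boot -> $(ReadOnly) ;
/proc -> $(Device) ;
/var/log -> $(Growing) ;
"""

def tune_policy(policy_text, exclude=(), exists=os.path.exists):
    """Return (new_policy, notes).

    Rules for paths that are missing on this host, or that are listed in
    `exclude`, are commented out. An excluded path that lies below a kept
    rule's path becomes a stop point placed right after that rule.
    """
    out, notes, done = [], [], set()
    for line in policy_text.splitlines():
        m = RULE.match(line)
        if not m:
            out.append(line)            # comments, directives, blank lines
            continue
        path = m.group(1).rstrip("/") or "/"
        if path in exclude:
            out.append("# " + line)     # rule dropped on request
            notes.append((path, "excluded"))
        elif not exists(path):
            out.append("# " + line)     # silences "file not found" noise
            notes.append((path, "missing"))
        else:
            out.append(line)
            prefix = path if path.endswith("/") else path + "/"
            for sub in exclude:
                if sub.startswith(prefix) and sub not in done:
                    out.append(f"!{sub} ;")   # stop point under this rule
                    notes.append((sub, "stop point"))
                    done.add(sub)
    return "\n".join(out) + "\n", notes

if __name__ == "__main__":
    text, notes = tune_policy(SAMPLE_POLICY, exclude=("/proc", "/var/log/news"))
    print(text)
    print(notes)
```

Review the returned notes before installing the edited policy: every commented rule and stop point is a path that will no longer be checked.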


