- kevin bailey
August 16, 2006, 4:59 pm
Re: How good is tiger
I was _going_ to say that Tiger was completely obsolete, having been
abandoned by its original TAMU maintainers a long time ago. However, I
see that it's being resurrected. On the third hand, the fact that the
most recent release was from late 2003 doesn't lend much confidence.

If you're trying chkrootkit, then you might as well run rkhunter, as
well. I _hope_ you're doing this while running from a maintenance boot
CD (or such) that is itself known to be uncompromised.

Security-scanning a suspect system from within itself has obvious
problems: _If_ it's root-compromised, then you cannot trust what it

That would be useful at this point _provided_ you have a time machine,
can go back to before the suspected security breach, and can install /
configure it then. All that Tripwire, AIDE, Samhain, Prelude-IDS, etc.
can do at this point is say "Yep, the hash values from those suspect
binaries are unchanged from yesterday. Still suspect."

Suggestion: Really, one of the most-reliable ways to detect compromise
is to know your system well enough to spot it behaving in peculiar and
suspect ways that it's not supposed to, that could not have been
arranged without stealing root authority. Please note that that, even
more than the use of AIDE, was what tipped off the Debian Project's
sysadmins in 2003: http://linuxgazette.net/issue98/moen.html
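
Added example, not part of the post above: a shell sketch of the two points it makes, namely checking the suspect filesystem from trusted boot media and comparing against a baseline that predates the suspected breach. The function names, the mount point and the manifest path are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. Assumed setup (not from the post): the suspect disk is mounted
# read-only at ROOT from trusted rescue media; BASELINE is a manifest made
# before the suspected breach and stored off the host.

# make_manifest ROOT DIR...: print "sha256  relative/path" for every file.
make_manifest() {
    mm_root=$1; shift
    ( cd "$mm_root" && find "$@" -type f -exec sha256sum {} + )
}

# compare_manifests BASELINE CURRENT: list ADDED, CHANGED and MISSING paths.
# The path starts at column 67 (64 hex digits plus two spaces), so names
# containing spaces are compared whole.
compare_manifests() {
    awk '
        FILENAME == ARGV[1] { base[substr($0, 67)] = $1; next }
        {
            path = substr($0, 67); seen[path] = 1
            if (!(path in base))        print "ADDED   " path
            else if (base[path] != $1)  print "CHANGED " path
        }
        END { for (p in base) if (!(p in seen)) print "MISSING " p }
    ' "$1" "$2" | LC_ALL=C sort
}

# check_root ROOT BASELINE DIR...: return 0 if the tree matches the baseline,
# 1 (with a report on stdout) if it differs, 2 on setup failure.
check_root() {
    cr_root=$1; cr_base=$2; shift 2
    cr_cur=$(mktemp) || return 2
    make_manifest "$cr_root" "$@" > "$cr_cur" || { rm -f "$cr_cur"; return 2; }
    cr_report=$(compare_manifests "$cr_base" "$cr_cur")
    rm -f "$cr_cur"
    [ -z "$cr_report" ] && return 0
    printf '%s\n' "$cr_report"
    return 1
}

# Example invocation (hypothetical paths):
#   sh check.sh /mnt/suspect /media/usb/baseline.sha256 bin sbin
[ "$#" -lt 3 ] || check_root "$@"
```

A manifest generated after the files were altered compares clean, which is the "unchanged from yesterday, still suspect" result the post describes.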