Re: 90% of Linux Systems Have Never Been Infected ...

From: Matthew Schumacher <schu@schu.net>
Date: Thu Jul 29 2004 - 00:13:47 AKDT

captgoodnight@acsalaska.net wrote:
>
> Tripwire is a breeze to get around, pretty much. If a skilled user gets root, they, if they know
> better than to release their tools publicly, WILL stay under cover! Kernel-level rootkits are totally
> ruthless, and 0-day root-level kits are undetectable! Bottom line! If you use Tripwire, run the binaries
> from a CD-R, and move those reports quickly to a safe area for inspection. This is easy to automate with
> pop3s, ntp, fetchmail.
>

So how would you install a kernel level root kit without kicking the
machine? And how would you ensure that the hacked kernel would be
started on future reboots if changes to the kernel file could be detected?

schu

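The procedure the quoted post recommends (hash a baseline, re-check from trusted binaries, get the report off the box before anyone can edit it) fits in a few lines of shell. The block below is an added example written for this page; it is not Tripwire's code and not from anyone in the thread. It assumes GNU coreutils (find, sort, xargs, sha256sum, mktemp), awk, file paths without whitespace, an optional TOOLS directory (a hypothetical mount point such as /mnt/cdrom/bin holding trusted copies of those utilities), and a DROPDIR that stands in for the off-host "safe area" so the example runs offline.

```shell
#!/bin/sh
# Tripwire-style baseline/verify in plain shell (added example, not Tripwire code).
# Assumes GNU coreutils (find, sort, xargs, sha256sum, mktemp) and awk.
# Paths are assumed to contain no whitespace, since the listings are split on fields.

# If TOOLS is set (hypothetical: a mounted CD-R such as /mnt/cdrom/bin holding
# trusted copies of find, sha256sum, awk, ...), search it first so the check does
# not depend on the on-disk utilities an intruder with root may have replaced.
if [ -n "${TOOLS:-}" ]; then
    PATH="$TOOLS:$PATH"
fi

# make_baseline DIR OUTFILE
# Record "sha256  path" for every regular file under DIR into OUTFILE.
# Keep OUTFILE on read-only media too; a baseline the intruder can rewrite is worthless.
make_baseline() {
    find "$1" -type f -print0 | sort -z | xargs -0 -r sha256sum > "$2"
}

# verify_baseline DIR BASELINE
# Re-hash DIR, compare against BASELINE and print one line per difference
# (CHANGED / MISSING / NEW). Returns 0 when nothing differs, 1 otherwise.
verify_baseline() {
    dir=$1; base=$2
    cur=$(mktemp)
    find "$dir" -type f -print0 | sort -z | xargs -0 -r sha256sum > "$cur"
    report=$(awk '
        FILENAME == ARGV[1] { base[$2] = $1; next }   # first file: the baseline
        {
            seen[$2] = 1
            if (!($2 in base))          print "NEW      " $2
            else if (base[$2] != $1)    print "CHANGED  " $2
        }
        END { for (p in base) if (!(p in seen)) print "MISSING  " p }
    ' "$base" "$cur")
    rm -f "$cur"
    if [ -n "$report" ]; then
        printf '%s\n' "$report"
        return 1
    fi
    return 0
}

# run_check DIR BASELINE DROPDIR
# Run the verification and write the report straight into DROPDIR, a hypothetical
# stand-in for the "safe area" (in practice a mail spool or an scp target on another
# host, as the post suggests). Returns verify_baseline's status.
run_check() {
    verify_baseline "$1" "$2" > "$3/integrity-$(date +%Y%m%d%H%M%S).txt"
}
```

Two caveats a practitioner would add. A hash baseline catches an edited /boot kernel image or module file, which is the persistence angle Schumacher's question raises; but the comparison is only as honest as the kernel that serviced the checker's read() and stat() calls, so running the user-space tools from a CD-R closes the replaced-binary hole and not the hacked-kernel one the quoted post is pointing at. And the baseline must be regenerated after every legitimate package update, or the CHANGED lines for patched binaries will train people to ignore the report.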
Received on Thu Jul 29 00:14:00 2004

This archive was generated by hypermail 2.1.8 : Thu Jul 29 2004 - 00:14:02 AKDT