> Only if someone's logged in at the time, or actually looking at the machine.
> If not, uptime and log entries can be falsified by the new kernel and hacked
> utilities.
Not if you are using a remote logging server or a secure log daemon.
A secure log daemon uses cryptographic signatures on the log entries to
make any tampering detectable. I hate it when the make the claim that
the secure log daemons are tamperproof. They are not tamper proof. But
they are tamper detectable.
> "Too hard"? You'd be surprised what's in rootkits.
No I wouldn't... It's my business... I'm the senior researcher
for Internet Security Systems. :-)
> --
> brandon s. allbery [os/2][linux][solaris][japh] allbery@kf8nh.apk.net
> system administrator [WAY too many hats] allbery@ece.cmu.edu
> carnegie mellon / electrical and computer engineering KF8NH
> We are Linux. Resistance is an indication that you missed the point.
Mike
-- Michael H. Warfield | (770) 985-6132 | mhw@WittsEnd.com (The Mad Wizard) | (770) 925-8248 | http://www.wittsend.com/mhw/ NIC whois: MHW9 | An optimist believes we live in the best of all PGP Key: 0xDF1DD471 | possible worlds. A pessimist is sure of it!
- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/