[wplug] System file permission, owner and group auditing utility
Jonathan Billings
jsbillings at gmail.com
Mon Apr 11 11:59:54 EDT 2005
On Apr 11, 2005 11:14 AM, Jonathan Billings <jsbillings at gmail.com> wrote:
> On Apr 11, 2005 11:06 AM, Poyner, Brandon <bpoyner at ccac.edu> wrote:
> > You can run a 'rpm -Va' to verify all rpm packages. It's far from a complete audit but it's one utility you can use. It returns information on files that differ from the RPM installed versions. If somebody has modified the RPM database or installed their own RPM on top of your RPM this won't be of much use.
> You should realize that if you are using the signatures stored in the
> RPM database as a mechanism for determining whether a system has been
> hacked or not, hackers could just as easily install a trojaned 'rpm'
> binary, or even install an RPM package (with the appropriate
> signatures) to obscure their intrusion
I really need to start reading emails before replying.
More information about the wplug
mailing list