[wplug] Warning: `//root/.bash_history' file size is zero

Christopher DeMarco cmd at alephant.net
Wed Apr 12 07:53:03 EDT 2006


On Wed, Apr 12, 2006 at 12:21:37AM -0400, Brian A. Seklecki wrote:

> Either way, you should be running Osiris/Tripwire/Samhain or some
> variant of fingerprinting on anything on the perimeter.

ALL of your logs -- third-party or syslog -- should be to a WORM
(write once read many) device, e.g. line printer.  Otherwise y3
m1gh7`/ h4><0r will just erase Tripwire logs along with /var/log/auth.


-- 
Christopher DeMarco <cmd at alephant.net>
Alephant Systems (http://alephant.net)
PGP public key at http://pgp.alephant.net
+1-412-708-9660


More information about the wplug mailing list