[Aide] Reporting log files
Pablo Virolainen
pablo at vapaa.fi
Thu Mar 29 10:25:48 EEST 2007
On Wed, 28 Mar 2007, Richard van den Berg wrote:
> Pablo Virolainen wrote:
> > I know that some of you
> > don't want to run update (because it can leak some information to the
> > attacker).
> >
>
> Please explain. I'm not sure I know what you mean here.
Assuming you have break the system, and by breaking into the system, some
system binary has been changed. When they (the bad guys) get the
information (the hash value of the original binary) they can feed it back
so that AIDE won't see the change. Yep.. I know that the scenario is
quite... unlikely. Actually can't really remember any such attact. If you
do, pleace tell.
Pablo Virolainen
More information about the Aide
mailing list