[Aide] Reporting log files
Marc Haber
mh+aide at zugschlus.de
Thu Mar 29 14:34:01 EEST 2007
On Thu, Mar 29, 2007 at 12:52:17PM +0300, Pablo Virolainen wrote:
> ssh <machine_to_be_checked> aide_script.sh > aide_<current_time>.db
> And they could make the aide_<current_time>.db to have data which suggest
> that nothing has happened.
They can always make the aide.db conform to the file found if the
database is stored locally. If it isn't, I think that it is
extraordinarily hard to craft a file that does what the attacker wants
and fits checksum and size.
Greetings
Marc
--
-----------------------------------------------------------------------------
Marc Haber | "I don't trust Computers. They | Mailadresse im Header
Mannheim, Germany | lose things." Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature | How to make an American Quilt | Fax: *49 621 72739835
More information about the Aide
mailing list