full system IDS (Snort/Tripwire/Demarc) realistic due to noisy reports?

John H. Robinson, IV jhriv at ucsd.edu
Sat Mar 30 00:23:24 PST 2002


On Fri, Mar 29, 2002 at 08:51:40PM -0800, Stewart Stremler wrote:
> 
> > Modified:       "/etc/issue"
> 
> Ah, yes, this is frequently generated under Linux for some stupid reason.
> This should be a static file, like motd.

some distros like to advertise what the booted kernel was, or some
other such silliness.

	other distros like to put tags in /etc/issue, that are replaced
	with the current kernel version, and tty, and other such
	silliness. bah!
	# echo go away > /etc/issue

> > Modified:       "/etc/mtab"
> 
> This is meant to be a dynamic list of the files that are currently
> mounted, no? Surely that belongs in /proc....

you can symlink it to /proc/mounts.  be prepared to use losetup -d if
you use loopback mounts, though, if you do.

> > If you want to monitor /etc who knows what you'll
> > get the next day?!?!
> 
> Heh.

/etc is another fun place to put root kits :)

-john
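
An added example, not part of the original message: one way to keep the /etc/issue and /etc/mtab noise out of the daily report without dropping /etc from monitoring. The `Added:`/`Removed:` line types, the `VOLATILE` list and the sample report are assumptions constructed for illustration; only the `Modified: "path"` line format comes from the thread.

```python
import re

# Line format as quoted in the thread:  Modified:       "/etc/issue"
# "Added" and "Removed" are assumed to follow the same layout.
LINE_RE = re.compile(r'^(Added|Removed|Modified):\s+"([^"]+)"\s*$')

# Assumption: exact paths this site accepts as routinely changing.
# Matching is exact, never by directory prefix, so the rest of /etc still alerts.
VOLATILE = {
    "/etc/issue": "regenerated at boot by some distros",
    "/etc/mtab": "rewritten on every mount/umount",
}

def triage(report_lines, volatile=VOLATILE):
    """Split report lines into (expected, review) lists of (action, path)."""
    expected, review = [], []
    for line in report_lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # headers, blank lines, anything that is not a finding
        action, path = m.groups()
        # Only a modification of a known-volatile file is expected noise;
        # its removal or re-creation still goes to a human.
        if action == "Modified" and path in volatile:
            expected.append((action, path))
        else:
            review.append((action, path))
    return expected, review

# Constructed sample report, not real output.
SAMPLE = [
    "Integrity report (constructed sample)",
    'Modified:       "/etc/issue"',
    'Modified:       "/etc/mtab"',
    'Modified:       "/etc/passwd"',
    'Added:          "/etc/cron.d/newjob"',
    'Removed:        "/etc/mtab"',
]

if __name__ == "__main__":
    expected, review = triage(SAMPLE)
    for action, path in review:
        print(f"REVIEW   {action:<9}{path}")
    for action, path in expected:
        print(f"expected {action:<9}{path}  ({VOLATILE[path]})")
```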


