full system IDS (Snort/Tripwire/Demarc) realistic due to noisy reports?
Stewart Stremler
bofh at stremler.net
Sun Mar 31 00:13:16 PST 2002
begin quoting John H. Robinson, IV as of Sat, Mar 30, 2002 at 12:23:24AM -0800:
[snip]
> some distros like to advertise what the booted kernel was, or other some
> such silliness.

Security risk. Why make life easier for skript kiddies?

> > > Modified: "/etc/mtab"
> >
> > This is meant to be a dynamic list of the files that are currently
> > mounted, no? Surely that belongs in /proc....
>
> you can symlink it to /proc/mounts. be prepared to use losetup -d if
> you use loopback mounts, though, if you do.

Heh. Once /etc/mtab goes away, that would get fixed. :)

> /etc is another fun place to put root kits :)

Yup.

"Oh, what's this strange file here? I won't delete it 'cause I don't
know what it is or what will break if I touch it."

-Stewart "dpkg -S and apt-get remove --purge are fun!" Stremler