[techtalk] bizarre....
Telsa Gwynne
hobbit at aloss.ukuu.org.uk
Mon Dec 13 16:58:14 EST 1999
On Mon, Dec 13, 1999 at 12:59:10PM +0100 or thereabouts, Nils Philippsen wrote:
>
> You won't catch added files with rpm -Va --
[snip]
> If you're not running a distro with RPM ... (almost anything except
> Slackware, Debian, Corel (Debian derivative) and Stampede IIRC).

I knew I bookmarked these for a reason. They do include using rpm
to verify packages and so on, but there are useful commands for
using find to locate setuid and guid files or to locate files with
names like ".. " (yes, with a space at the end) where apparently
people tend to put their toys.

This series of articles was in Linux Journal over the last few weeks
under the title "Thwarting the System Cracker".

http://www2.linuxjournal.com/articles/sysadmin/003.html
http://www2.linuxjournal.com/articles/sysadmin/004.html
http://www2.linuxjournal.com/articles/sysadmin/005.html
http://www2.linuxjournal.com/articles/sysadmin/006.html
http://www2.linuxjournal.com/articles/sysadmin/007.html
http://www2.linuxjournal.com/articles/sysadmin/008.html

Part five (007.html) is the one with the "what to do if you've had a
break in" stuff. It's brief, but it's easy to read and easy to apply
the commands it covers.

Telsa
************
techtalk at linuxchix.org http://www.linuxchix.org
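
The two find checks mentioned in the message above (setuid/setgid files, and names like ".. " with a trailing space), as an added example that is not taken from the post or from the linked Linux Journal articles. The function names and the constructed demo tree are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the post or the Linux Journal articles.
# Function names and the demo tree are assumptions of this example.

# Regular files with the setuid (4000) or setgid (2000) bit set.
# -xdev keeps find on one filesystem, so other mounts are not walked.
find_setid() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print
}

# Names that end in whitespace (".. ", ". ") or merely look like ".." ("...").
# Each path is printed inside [] so a trailing space is visible.
find_odd_names() {
    find "$1" -xdev \( -name '*[[:space:]]' -o -name '.*[[:space:]]' \
        -o -name '..?*' \) -exec printf '[%s]\n' {} +
}

# Build a small constructed tree and run both checks over it.
demo() {
    d=$(mktemp -d) || return 1
    : > "$d/normal"; : > "$d/.profile"
    : > "$d/suid_tool"; chmod 4755 "$d/suid_tool"
    mkdir "$d/.. "; : > "$d/.. /toy"
    echo "== setuid/setgid files"; find_setid "$d"
    echo "== odd names";           find_odd_names "$d"
    rm -rf "$d"
}

# With a directory argument, audit it; with "demo", use the constructed tree.
case "${1:-}" in
    "")   ;;
    demo) demo ;;
    *)    find_setid "$1"; find_odd_names "$1" ;;
esac
```

Comparing the setuid/setgid list against a copy saved when the system was known to be clean shows what has been added since, which is the case rpm -Va does not cover.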