[techtalk] bizarre....

Telsa Gwynne hobbit at aloss.ukuu.org.uk
Mon Dec 13 16:58:14 EST 1999


On Mon, Dec 13, 1999 at 12:59:10PM +0100 or thereabouts, Nils Philippsen wrote:
> 
> You won't catch added files with rpm -Va --
[snip]
> If you're not running a distro with RPM ... (almost anything except
> Slackware, Debian, Corel (Debian derivative) and Stampede IIRC).

I knew I bookmarked these for a reason. They do include using rpm
to verify packages and so on, but there are useful commands for
using find to locate setuid and guid files or to locate files with
names like ".. " (yes, with a space at the end) where apparently
people tend to put their toys. 

This series of articles was in Linux Journal over the last few weeks
under the title "Thwarting the System Cracker". 

         http://www2.linuxjournal.com/articles/sysadmin/003.html
         http://www2.linuxjournal.com/articles/sysadmin/004.html
         http://www2.linuxjournal.com/articles/sysadmin/005.html
         http://www2.linuxjournal.com/articles/sysadmin/006.html
         http://www2.linuxjournal.com/articles/sysadmin/007.html
         http://www2.linuxjournal.com/articles/sysadmin/008.html

Part five (007.html) is the one with the "what to do if you've had a 
break-in" stuff. It's brief, but it's easy to read and easy to apply 
the commands it covers.

Telsa

************
techtalk at linuxchix.org   http://www.linuxchix.org
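
The kind of find sweep mentioned in the message above, as an added example (not taken from the post or from the Linux Journal articles). The function names and the baseline-file workflow are assumptions, and the name pattern generalizes ".. " to any dot-name ending in a space.

```shell
#!/bin/sh
# Added example: audit helpers built on find(1).
# Usage (after sourcing this file):
#   find_suid_sgid / > /root/suid.baseline     # record a known-good list
#   new_suid_since /root/suid.baseline /       # later: show what was added
#   find_odd_dotnames /                        # names like ".. "

# List regular files under $1 that carry the setuid or setgid bit.
# -xdev keeps the walk on one filesystem (skips /proc, NFS mounts, ...).
find_suid_sgid() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null
}

# List files and directories under $1 whose name starts with a dot and
# ends with a space, such as ".. " or "... ". These are easy to miss in
# ls output because they look like the normal "." and ".." entries.
find_odd_dotnames() {
    find "$1" -xdev -name '.* ' -print 2>/dev/null
}

# Print setuid/setgid files under $2 that are absent from the baseline
# list in file $1 (one path per line, as written by find_suid_sgid).
# Both lists are sorted in the C locale because comm(1) needs sorted input.
new_suid_since() {
    baseline_sorted=$(mktemp) || return 1
    LC_ALL=C sort "$1" > "$baseline_sorted"
    find_suid_sgid "$2" | LC_ALL=C sort | LC_ALL=C comm -13 "$baseline_sorted" -
    rm -f "$baseline_sorted"
}
```

Keep the baseline file on read-only or offline media, since a list stored on the audited machine can be edited along with everything else.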



