what to use instead of tripwire?t
Göran Uddeborg
goeran at uddeborg.se
Mon Oct 13 11:54:57 UTC 2003
Owen Taylor writes:
> Any method that doesn't involve booting from a read-only medium
> and checking against data on that read-only medium is basically
> only proof against casual/incompetent intruders.
Why would the medium have to be read-only? Wouldn't it be enough that
one boots from this trusted medium and only uses binaries from it? (I
assume of course the medium is not present when not booted from.)
More information about the test
mailing list