intrusion tracking
Heinz Diehl
htd at fritha.org
Wed Jan 26 15:00:12 UTC 2011
On 26.01.2011, Wolfgang S. Rupprecht wrote:

> The real issue is that there isn't a good activity log. While I can
> install tripwire to watch for changed files

I would have used "aide" instead of tripwire.

> it probably won't tell me how they got in.
> Is there something that addresses that problem?

No way. Once the attacker has become root, all your logs could be
deleted and/or manipulated. You can't rely on them any longer.