should therefore make sure you detect intruders early. Checking the system log files is a good starting point, but the intruder is probably clever enough to anticipate this action and will delete any obvious traces he or she left. However, there are tools like tripwire, written by Gene Kim and Gene Spafford, that allow you to check vital system files to see if their contents or permissions have been changed. tripwire computes various strong checksums over these files and stores them in a database. During subsequent runs, the checksums are recomputed and compared to the stored ones to detect any modifications.
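The baseline-and-compare approach described above, sketched as an added example (it is not tripwire's code or database format, and it is not from the original guide). SHA-256, the JSON database and all function names are assumptions chosen for illustration.

```python
import hashlib, json, os, stat, tempfile

def fingerprint(path):
    """Content hash plus permission and ownership metadata for one path."""
    st = os.lstat(path)                      # lstat: do not follow symlinks
    digest = None
    if stat.S_ISREG(st.st_mode):             # only hash regular files
        h = hashlib.sha256()
        with open(path, "rb") as f:
            for chunk in iter(lambda: f.read(65536), b""):
                h.update(chunk)
        digest = h.hexdigest()
    return {"sha256": digest, "mode": stat.S_IMODE(st.st_mode),
            "uid": st.st_uid, "gid": st.st_gid}

def snapshot(paths):
    return {p: fingerprint(p) for p in paths if os.path.lexists(p)}

def save_baseline(paths, db_path):
    """First run: record the known-good state in the database."""
    with open(db_path, "w") as f:
        json.dump(snapshot(paths), f, indent=2, sort_keys=True)

def check(paths, db_path):
    """Later runs: recompute and compare; return a list of (path, finding)."""
    with open(db_path) as f:
        baseline = json.load(f)
    current = snapshot(paths)
    findings = []
    for p in sorted(set(baseline) | set(current)):
        old, new = baseline.get(p), current.get(p)
        if old is None:
            findings.append((p, "added"))
        elif new is None:
            findings.append((p, "missing"))
        else:
            findings += [(p, k + " changed") for k in ("sha256", "mode", "uid", "gid")
                         if old[k] != new[k]]
    return findings

if __name__ == "__main__":
    # Constructed demo: a throwaway file stands in for a vital system file.
    with tempfile.TemporaryDirectory() as d:
        target, db = os.path.join(d, "passwd"), os.path.join(d, "baseline.json")
        with open(target, "w") as f:
            f.write("root:x:0:0::/root:/bin/sh\n")
        save_baseline([target], db)
        os.chmod(target, 0o666)              # permission change, contents untouched
        print(check([target], db))
```

An intruder with root access can rewrite a database kept on the same disk, so the baseline and the checker itself belong on read-only or offline media.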
Notes
[1] We will come back to this topic in Chapter 12.
[2] There have been commercial Unix systems (that you have to pay lots of money for) that came with a setuid-root shell script, which allowed users to gain root privilege using a simple standard trick.
[3] In 1988, the RTM worm brought much of the Internet to a grinding halt, partly by exploiting a gaping hole in some programs including the sendmail program. This hole has long since been fixed.