Rootkit signatures?

Paul Lussier p.lussier at comcast.net
Thu Jun 25 15:55:46 EDT 2009


Seth Cohn <sethcohn at gnuhampshire.org> writes:

> Kenny, you've answered your own question why the rootkit detectors are
> all aged badly: Tripwire does this, without the need for updating
> rootkit signatures.
>
> You need to just go back and answer the initial request with:
>
> This was already implemented on XX/XX/200X by the installation of
> Tripwire on our system(s), which performs checks on all major files on
> all servers in question.

In addition, I would add something like:

   "Additionally, we have redirected all Tripwire reports to your
    group so that you can personally keep an eye on the security of
    these systems."


And make sure to have Tripwire alert on all logs in /var/log ;)

--
Seeya,
Paul



More information about the gnhlug-discuss mailing list