[rescue] SGI fw_sshd and security
kloch at gurunet.net
Mon Mar 8 11:45:13 CST 2004
Dave McGuire wrote:
> On Mar 8, 2004, at 9:28 AM, Kevin wrote:
>> Your Tripwire database, executable binary and tw.config file are
>> supposed to be located on read only media. An attacker could
>> edit the cron process, that runs Tripwire automatically, to run a
>> hacked version, but that would still fail with manual audits
>> which should be done at least once a week.
> Yes, supposed to be...but who actually does that?
People who don't spend enough time auditing their firewall
More information about the rescue