[prev in list] [next in list] [prev in thread] [next in thread] 

List:       centos
Subject:    [CentOS] Check integrity or rootkits on remote server?
From:       Marco Fioretti <mfioretti () mclink ! it>
Date:       2006-06-12 13:57:11
Message-ID: 1.3.200606121557.20717 () mclink ! it
[Download RAW message or body]

Hello,

when one has physical access to a computer, he
can run something like tripwire, with keys and
checksum on a separate, write-only media, to
verify the integrity of the system.

What if the system is a remote one (in my case
Centos 4.3 on a User Mode Linux VPS some hundred
of KMs from here)?

Does it still make sense to run tripwire remotely?
If yes, how, since you cannot plug a floppy or USB
drive in the machine?

What if tripwire was never ran? Does it make sense, on
a Centos system without physical access, to download there
and run remotely one of those rootkit detection tools?
Would its findings be surely accurate?

Generally speaking, how does one handle these issues on
remote systems?
Thanks in advance for any comment,

Marco




_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
[prev in list] [next in list] [prev in thread] [next in thread]