Date: Thu, 16 Sep 1999 23:25:05 -0600 From: Brett Glass <brett@lariat.org> To: "Harry M. Leitzell" <Harry_M_Leitzell@cmu.edu> Cc: Liam Slusser <liam@tiora.net>, Kenny Drobnack <kdrobnac@mission.mvnc.edu>, security@FreeBSD.ORG Subject: Securing a system that's been rooted remotely (Was: BPF on in 3.3-RC GENERIC kernel) Message-ID: <4.2.0.58.19990916232349.047c27a0@localhost> In-Reply-To: <Pine.SOL.3.96L.990916210821.19993A-100000@unix8.andrew.cmu .edu> References: <4.2.0.58.19990916185341.00aaf100@localhost>
next in thread | previous in thread | raw e-mail | index | archive | help
At 09:28 PM 9/16/99 -0400, Harry M. Leitzell wrote: > No offense, but tripwire is really a bit overrated except if the >person is a script child and hasn't a clue as to what to do. If tripwire >hasn't been set up with the db set on a readonly disk partition and you >gain root, you can set up a KLM to change the db on the fly. securelevel=2 and above disables LKMs, IIRC. --Brett To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4.2.0.58.19990916232349.047c27a0>