From owner-freebsd-questions  Sat Oct 16 12:26:58 1999
Delivered-To: freebsd-questions@freebsd.org
Received: from cssun.mathcs.emory.edu (cssun.mathcs.emory.edu [170.140.150.1])
	by hub.freebsd.org (Postfix) with ESMTP id 5E40214EC0
	for <freebsd-questions@FreeBSD.ORG>; Sat, 16 Oct 1999 12:26:50 -0700 (PDT)
	(envelope-from atk@electron.mathcs.emory.edu)
Received: from electron.mathcs.emory.edu (electron [170.140.150.48])
	by cssun.mathcs.emory.edu (8.9.3+Sun/8.9.1) with ESMTP id PAA10419
	for <freebsd-questions@FreeBSD.ORG>; Sat, 16 Oct 1999 15:26:49 -0400 (EDT)
Received: (from atk@localhost)
	by electron.mathcs.emory.edu (8.9.3+Sun/8.9.1) id PAA02960
	for freebsd-questions@FreeBSD.ORG; Sat, 16 Oct 1999 15:26:49 -0400 (EDT)
Date: Sat, 16 Oct 1999 15:26:49 -0400 (EDT)
From: Alan Krantz <atk@mathcs.emory.edu>
Message-Id: <199910161926.PAA02960@electron.mathcs.emory.edu>
To: freebsd-questions@FreeBSD.ORG
Subject: Best way to detect break in
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG


What is the best way to detect a break in ? For example, is there a program 
that will make a checksum of all system software and then compare current 
checksum to this checksum (as well as other useful checks)?

I'm not on this mailing list - not sure if that makes a difference with
regards to getting responses. I did look on freebsd.org/security and
while they gave hints as to what to do if you detect a break in they
didn't really discuss the art of detecting a clever break in...

Thanks,
Alan


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message