This is part of The Pile, a partial archive of some open source mailing lists and newsgroups.
To: Brian Coyle <brianc@magicnet.net>
Subject: Re: [svlug] spontaneous shutdown???
Date: Fri, 27 Oct 2000 19:45:18 -0700
From: J C Lawrence <claw@kanga.nu>

On Fri, 27 Oct 2000 21:20:43 -0400
Brian Coyle <brianc@magicnet.net> wrote:

> Have you booted from a known good media (Linuxcare BBC?) and
> compared file sizes, timestamps and MD5 checksums?

One thing I've recently started to do is to keep a tripwire DB on both the local machine, and under version control on a secondary remote machine. That way I can check locally in the normal fashion, _AND_ check the tripwire DB itself against the copy stored remotely (MD5Sum) -- which gives a noticeably smaller window against root compromises.

> Maybe [s]he needed to reinstall the rootkit after you upgraded the
> box... Don't suppose you're running tripwire, LIDS or similar?

I've been thinking about playing with LIDS. Anybody here have direct experience?

===
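The database comparison described in the message above, as an added example that is not part of the original post: it checks a local Tripwire database against a reference copy and reports a match, a mismatch, or a missing copy as separate outcomes. It assumes the reference file was checked out from the version-controlled copy on the second machine; the function names, the `HASH_CMD` variable and all paths are hypothetical.

```shell
#!/bin/sh
# Added example: verify a local Tripwire database against a reference copy
# obtained from the second machine. Names and paths are assumptions.

# The post uses MD5; any coreutils-style *sum tool can be substituted.
HASH_CMD="${HASH_CMD:-md5sum}"

# Print the hex digest of a file. Returns 2 if the file cannot be read
# or the hash tool fails, so an empty digest is never compared.
db_digest() {
    [ -r "$1" ] || return 2
    sum=$("$HASH_CMD" < "$1") || return 2
    [ -n "$sum" ] || return 2
    printf '%s\n' "${sum%% *}"
}

# check_db LOCAL_DB REFERENCE_DB
# Returns 0 if the copies are identical, 1 if they differ,
# 2 if either copy is missing or unreadable.
check_db() {
    local_sum=$(db_digest "$1") || {
        echo "MISSING local database: $1" >&2
        return 2
    }
    ref_sum=$(db_digest "$2") || {
        echo "MISSING reference copy: $2" >&2
        return 2
    }
    if [ "$local_sum" = "$ref_sum" ]; then
        echo "OK $local_sum"
        return 0
    fi
    echo "MISMATCH local=$local_sum reference=$ref_sum" >&2
    return 1
}

# Run the check only when two paths are given on the command line.
if [ "$#" -eq 2 ]; then
    check_db "$1" "$2"
fi
```

A missing local database is reported separately from a mismatch because a deleted database and an altered one call for different follow-up.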