On Mon, 03 Jul 2006 19:00:38 EDT, Bill Davidsen said:But it ran faster, right? ;-)
Valdis.Kletnieks@xxxxxx wrote:
There's other issues as well. Why do people run 'tripwire' on boxes thatWhat has RAID got to do with detecting hacking?
have RAID on them?
Actually, I've had tripwire detect more *accidental* changes due to buggy
software than I have had it detect actual hacking. Oh, and it's good at
catching unintended config changes - I started using tripwire after I
fat-fingered a script, and the machine backed up to /dev/null instead of
/dev/rmt0.
In fact, I've never actually had tripwire detect actual hacking.I was using hacking in the general sense, I have a spiffy quote around about being in more danger from incompetence than malice. Patches with side effects, changes which work but reset directory permissions and/or ownership... I think it was Pogo who said "we have met the enemy and he is us."