Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Vuln-Dev
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

AIDE problem handling symlinks

from [fryxar fryxar] Network Security [Permanent Link]
Subject: AIDE problem handling symlinks
Date: Mon, 27 Nov 2006 15:42:53 +0000 (GMT) 
AIDE (Advanced Intrusion Detection Environment) is a
tool that creates a Database that can be used to
verify the integrity of files.

As modern filesystems (ext2, ufs, etc) implement fast
symlinks to store target's pathname, if only checksums
options (sha1, md5, tiger, etc) are used to check the
integrity of a soft link file, AIDE will not be able
to detect changes made on it.

If you use a mtime/ctime option, and somebody change a
target's pathname, AIDE will show it, but these
options are easy trickly with a standard Unix "touch"
command (and root privilege, of course).

So, I added the new option "l" to AIDE, to implement a
target's pathname comparison for symbolic links
against the database.  If a target's pathname is
changed on a symlink file, the difference will be
showed.

Please upgrade your AIDE tool to the last version
available (>= 0.13-r1)


__________________________________________________
Correo Yahoo!
Espacio para todos tus mensajes, antivirus y antispam ¡gratis! 
¡Abrí tu cuenta ya! - http://correo.yahoo.com.ar
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • AIDE problem handling symlinks, fryxar fryxar <=
Previous by Date:  Cursor snarfing - a new class of vulnerability and attack in Oracle, David Litchfield
Next by Date:  ClickContact SQL Injection, Advisory
Previous by Thread:  Cursor snarfing - a new class of vulnerability and attack in Oracle, David Litchfield
Next by Thread:  ClickContact SQL Injection, Advisory
Indexes:  [Date] [Thread] [Top] [All Lists]