Also processes you think you DO recognize: Just for testing how alert my co-workers were, I had a program called "kswapd", just calculating prime numbers... They never noticed. ;-)
Without any preparation it's harder. No point in installing tripwire or activating apparmor/selinux afterwards. Those things should be done after a fresh installation.
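The fake "kswapd" prank above has a cheap tell: real kernel threads are children of kthreadd (PID 2) and have no executable behind them (/proc/<pid>/exe is a dangling link), while a user-space program that merely names itself kswapd has a user-space parent and a real binary. The check below is an added example, not code from the thread; the list of kernel-thread names it matches is a hand-picked assumption, and the sample process table is constructed. On a live Linux box run it as root, otherwise exe links of other users' processes are unreadable and would be mistaken for kernel threads.

```python
"""Spot user-space processes masquerading as kernel threads (added example)."""
import os
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional

KTHREADD_PID = 2
# Names that normally belong to kernel threads. Assumption: a hand-picked
# list for illustration, not an exhaustive one.
KERNEL_THREAD_NAME = re.compile(
    r"^(kswapd\d*|kthreadd|ksoftirqd/\d+|migration/\d+|rcu_\w+|kworker/.*|kcompactd\d*)$"
)


@dataclass
class Proc:
    pid: int
    ppid: int
    comm: str
    exe: Optional[str]  # resolved /proc/<pid>/exe, or None when there is none


def is_imposter(p: Proc) -> bool:
    """True if the process claims a kernel-thread name but looks like user space."""
    if not KERNEL_THREAD_NAME.match(p.comm):
        return False
    if p.pid == KTHREADD_PID:
        return False  # kthreadd itself is parented by PID 0
    # Genuine kernel threads: parent is kthreadd and no backing executable.
    return p.ppid != KTHREADD_PID or p.exe is not None


def find_imposters(procs: Iterable[Proc]) -> List[Proc]:
    return [p for p in procs if is_imposter(p)]


def read_proc_table() -> List[Proc]:
    """Build the table from a live Linux /proc; returns [] where /proc is absent."""
    procs: List[Proc] = []
    if not os.path.isdir("/proc"):
        return procs
    for entry in os.listdir("/proc"):
        if not entry.isdigit():
            continue
        pid = int(entry)
        try:
            with open(f"/proc/{pid}/stat") as fh:
                st = fh.read()
            # Format: "pid (comm) state ppid ..."; comm may contain spaces,
            # so split on the last ')' and take the second field after it.
            comm = st[st.index("(") + 1:st.rindex(")")]
            ppid = int(st[st.rindex(")") + 2:].split()[1])
            try:
                exe: Optional[str] = os.readlink(f"/proc/{pid}/exe")
            except OSError:
                exe = None  # kernel thread, or no permission (run as root)
            procs.append(Proc(pid, ppid, comm, exe))
        except (OSError, ValueError):
            continue  # process exited while we were reading it
    return procs


# Constructed sample, modelled on the prank in the post above.
SAMPLE_PROCS = [
    Proc(2, 0, "kthreadd", None),
    Proc(81, 2, "kswapd0", None),                    # genuine kernel thread
    Proc(4242, 1337, "kswapd", "/home/user/primes"),  # the prime-number "kswapd"
    Proc(4300, 2, "kworker/0:1", None),              # genuine
    Proc(5000, 1, "kswapd1", None),                  # parent is init, suspicious
]

if __name__ == "__main__":
    table = read_proc_table() or SAMPLE_PROCS
    for p in find_imposters(table):
        print(f"suspicious: pid={p.pid} ppid={p.ppid} comm={p.comm!r} exe={p.exe}")
```

The parent-PID test catches the common case; a more careful attacker can fake the name but still cannot reparent a user-space process under kthreadd, so the ppid check is the one worth keeping even if the name list is trimmed.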
Indeed. I once found a gdm binary that had been subverted. I'm certain that would fly below the radar of many organizations.
--------------------------------- Geoff Galitz Blankenheim NRW, Germany http://www.galitz.org/ http://german-way.com/blog/
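The subverted gdm binary and the "install tripwire on a fresh system" advice above come down to the same thing: a file-integrity baseline is only worth anything if it was taken before the compromise and kept where the attacker cannot rewrite it. The following is an added example of such a baseline, not code from the thread or from tripwire; it hashes regular files under a directory, records mode and size, and diffs two manifests. The file tree in demo() is constructed for illustration.

```python
"""Minimal tripwire-style baseline and comparison (added example)."""
import hashlib
import os
import stat
import tempfile
from typing import Dict, List, Tuple

Manifest = Dict[str, Tuple[str, int, int]]  # relative path -> (sha256, mode, size)


def _digest(path: str) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: str) -> Manifest:
    """Hash every regular file below root; symlinks and devices are skipped."""
    manifest: Manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode):
                continue
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            manifest[rel] = (_digest(path), stat.S_IMODE(st.st_mode), st.st_size)
    return manifest


def compare(baseline: Manifest, current: Manifest) -> Dict[str, List[str]]:
    """Report added, removed and modified paths between two manifests."""
    report: Dict[str, List[str]] = {"added": [], "removed": [], "modified": []}
    for path in sorted(set(baseline) | set(current)):
        if path not in baseline:
            report["added"].append(path)
        elif path not in current:
            report["removed"].append(path)
        elif baseline[path] != current[path]:
            report["modified"].append(path)
    return report


def demo() -> Dict[str, List[str]]:
    """Baseline a constructed tree, then tamper with it the way the post describes."""
    files = {
        "sbin/gdm": b"\x7fELF original gdm",
        "sbin/sshd": b"\x7fELF sshd",
        "issue": b"Welcome\n",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, data in files.items():
            full = os.path.join(root, rel)
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "wb") as fh:
                fh.write(data)
        baseline = build_manifest(root)  # taken on the "fresh install"

        # Post-compromise changes: trojaned gdm, a new dropped file, a deleted one.
        with open(os.path.join(root, "sbin", "gdm"), "wb") as fh:
            fh.write(b"\x7fELF trojaned gdm")
        with open(os.path.join(root, "sbin", ".backdoor"), "wb") as fh:
            fh.write(b"\x7fELF backdoor")
        os.remove(os.path.join(root, "issue"))

        return compare(baseline, build_manifest(root))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind}: {paths}")
```

Store the baseline manifest off-host (or on read-only media) and run the comparison from a clean boot; a manifest left writable on the same disk is exactly what a subverted binary's author would update next.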