[CentOS] how to know when a system is compromised

[Chris Adams]

Once upon a time, Leroy Tennison <leroy at datavoiceint.com> said:
>  The executable could be placed on mounted read-only media

That's not as secure as you think.  Linux bind mounts can mount a file
over another file (plus there's overlay filesystems), so it's possible
to replace a binary even on a read-only device.

-- 
Chris Adams <linux at cmadams.net>