[CentOS] how to know when a system is compromised

Chris Adams

linux at cmadams.net
Thu Nov 14 16:57:21 UTC 2019

Once upon a time, Leroy Tennison <leroy at datavoiceint.com> said:
>  The executable could be placed on mounted read-only media

That's not as secure as you think.  Linux bind mounts can mount a file
over another file (plus there's overlay filesystems), so it's possible
to replace a binary even on a read-only device.

Chris Adams <linux at cmadams.net>

More information about the CentOS mailing list