[svlug] worms -n stuffy - backups
dagmar at dsurreal.org
Thu Jun 7 21:57:01 PDT 2001
On Thu, 7 Jun 2001, Alvin Oga wrote:
> you might not know when the "intrusion" occurred ...
> install xx today... wait a day, a month....apply xx ....
> go back a month/two later and now you have a box under your control
> undetected ...cause they have not found it in 2 months ???
Mebbe it'll be clearer this time around... Part of the reason I make my
backups right after the initial install and config is to _avoid_ the
possibility that I might be backing up compromised binaries. I tend to
avoid the "whole filesystem" technique (grandfathering or not) for this
> > Keeping a careful eye on what one backs up as opposed to what files merely
> > have newer mtimes than the last backup gives one a good opportunity to
> > verify those integrity checksums as well. ;)
> eyes are doomed to fail... guaranteed ..!!!!
It was a figure of speech referring to paying close attention to how my
backups are made, rather than just trying to blindly back up / and keep
track of incremental changes.
> besides ... looking at backup logs and tripwire logs are *really* boring....
> and nobody can do that task for you .... *you* are the only one that is
> gonna care about the accuracy of the logs and accuracy of the changes
> made to the system ( daily, weekly, monthly) ....
Yup, and aside from software upgrades, binaries don't often change at
all. With a little extra time spent at the outset, binary packages are a
lot easier to manage than user data.
Now if we're done with jumping to conclusions and making blind assumptions
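
The baseline-then-verify approach discussed in this message, as an added example that is not part of the original post: a checksum manifest is taken right after install and later compared against the tree, which catches a replaced file even when its mtime has been put back. The choice of SHA-256, the function names and the sample `bin/` tree are assumptions made for illustration.

```python
import hashlib, os, tempfile
from pathlib import Path

def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def build_manifest(root):
    """Map relative path -> SHA-256 for every regular file under root."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*"))
            if p.is_file() and not p.is_symlink()}

def audit(root, baseline):
    """Compare the tree with the baseline; return (changed, added, missing)."""
    current = build_manifest(root)
    changed = sorted(p for p in current
                     if p in baseline and current[p] != baseline[p])
    added = sorted(set(current) - set(baseline))
    missing = sorted(set(baseline) - set(current))
    return changed, added, missing

def demo():
    """Constructed tree standing in for a directory of installed binaries."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "bin").mkdir()
        (root / "bin" / "ls").write_bytes(b"original ls\n")
        (root / "bin" / "ps").write_bytes(b"original ps\n")
        baseline = build_manifest(root)   # taken right after install/config
        # Later: one file is replaced and its timestamps are put back, so a
        # backup that selects files by newer mtime would see no change.
        target = root / "bin" / "ps"
        st = target.stat()
        target.write_bytes(b"replaced ps\n")
        os.utime(target, ns=(st.st_atime_ns, st.st_mtime_ns))
        mtime_unchanged = target.stat().st_mtime_ns == st.st_mtime_ns
        (root / "bin" / "extra").write_bytes(b"new file\n")
        return mtime_unchanged, audit(root, baseline)

if __name__ == "__main__":
    print(demo())
```

The baseline manifest is only useful if it is kept on read-only or offline media, so it cannot be altered along with the files it describes.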