427 Botnet fm qxd



Date: 03.12.2022
Botnets - The killer web applications

www.syngress.com
Botnet Detection: Tools and Techniques • Chapter 5


shows example code that adds a new syntactic feature. Stage 3 describes
the introduction of a couple of Trojan horses into the compiler.

The moral is, as Thompson points out, obvious. “You can’t trust
code that you did not totally create yourself.” Thompson’s two-stage
Trojan attack escapes source-level inspection, since the attack relies on
the subverted compiler. A Trojan planted by the supplier of your
operating system is a little extreme, but substitutions and backdoors can
lurk in any new installation or upgrade.

Exactly what is protected (or rather monitored; for full protection, you
need to call on backups and/or reinstallation media) depends on which files
and directories you configure it to monitor. In principle, it can be set to
monitor every—or any—file or directory on a monitored system, not just
system files and directory trees. In general, though, this can be
counterproductive. Even on a server on which system files stay fairly static
and contain no user data, you’ll need to make exceptions for files that are
changed dynamically, such as log files. On a system that contains dynamic
data, you need to set up a far more discriminating system.

Tripwire configuration and policy files are signed using the site key,
whereas the database file and probably the report files are signed with the
local key. Once the database is initialized and signed, Tripwire can be run
from cron according to the settings in the configuration file, which specifies
which files and directories are to be monitored and in what detail.
Ignore flags specify the changes that are considered legitimate and that
should generate an alert. In check mode, the file system objects to be
monitored are compared to the signatures in the database: Apparent violations
are displayed and logged and can also be mailed to an administrator. Apparent
violations can, if found to be valid, be accepted by selectively updating the
database.
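
The initialise, check and selective-update cycle described above, modelled in Python as an added example (not code from the book, and not Tripwire's own code or file formats). The property sets, function names and sample files are this example's assumptions, and an HMAC stands in for the local-key signature on the database.

```python
import hashlib, hmac, json, os, tempfile
from pathlib import Path

READ_ONLY = ("mode", "sha256", "size")  # static files: any change is reported
GROWING = ("mode",)                     # log files: content and size are ignored

def snapshot(path, props):
    data = Path(path).read_bytes()
    rec = {"mode": os.stat(path).st_mode & 0o7777, "size": len(data),
           "sha256": hashlib.sha256(data).hexdigest()}
    return {p: rec[p] for p in props}

def mac(entries, key):  # assumption: HMAC stands in for the local-key signature
    body = json.dumps(entries, sort_keys=True).encode()
    return hmac.new(key, body, "sha256").hexdigest()

def accept(db, policy, key, reviewed):  # selective update, then re-authenticate
    entries = dict(db["entries"])
    for path in reviewed:
        entries[path] = snapshot(path, policy[path])
    return {"entries": entries, "mac": mac(entries, key)}

def init_db(policy, key):  # baseline every monitored path
    return accept({"entries": {}}, policy, key, list(policy))

def check(db, policy, key):  # check mode: returns {path: [changed properties]}
    if not hmac.compare_digest(db["mac"], mac(db["entries"], key)):
        raise ValueError("database failed authentication")
    report = {}
    for path, props in policy.items():
        old = db["entries"].get(path, {})
        new = snapshot(path, props) if os.path.exists(path) else {}
        changed = [p for p in props if old.get(p) != new.get(p)]
        if changed:
            report[path] = changed
    return report

def demo():  # constructed files in a temporary directory
    key, d = b"constructed-local-key", tempfile.mkdtemp()
    conf, log = os.path.join(d, "app.conf"), os.path.join(d, "app.log")
    for path, text in ((conf, "port=22\n"), (log, "boot\n")):
        Path(path).write_text(text)
    policy = {conf: READ_ONLY, log: GROWING}
    db = init_db(policy, key)
    Path(log).write_text("boot\nlogin ok\n")   # expected churn, not reported
    Path(conf).write_text("port=2222\n")       # apparent violation
    before = check(db, policy, key)
    after = check(accept(db, policy, key, [conf]), policy, key)
    return conf, before, after
```

Calling `demo()` returns the report before and after the reviewed change is accepted: the rewritten configuration file is flagged, the grown log file is not, and a database edited without the key fails authentication in `check`.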
