On Wed, Oct 17, 2007 at 04:27:29PM -0700, Gordon Messmer wrote:
> >subdirectory of some other machine, then running rsync -avn against the
> >live one to see what has changed.
> That might not be good enough. 'rsync -a' will skip more thorough
> checks if two files' size and mod times match. An attacker could fairly
> easily produce a binary of the same size, and fix the mod time after
> installation.

Adding -c will make it do a full checksum of each file. This will be very slow but hard to trick.

-- 
Matthew Miller mattdm@xxxxxxxxxx <http://mattdm.org/>
Boston University Linux ------> <http://linux.bu.edu/>
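The difference between the two comparison modes discussed in this thread, as an added example that is not part of the original messages: an audit that compares a reference copy with a live tree and reports, per file, whether a size-and-mtime check and a full content checksum agree. SHA-256 stands in for rsync's own checksum, and the file names, contents and timestamp are constructed sample data.

```python
import hashlib
import os
import tempfile


def sha256_of(path, chunk=1 << 16):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def audit(reference_root, live_root):
    """Return {relative_path: (quick_match, content_match)} for each reference file."""
    # quick_match: same size and mtime, the comparison the thread says -a relies on
    # content_match: same SHA-256 (assumption: stand-in for the -c full checksum)
    report = {}
    for dirpath, _dirs, files in os.walk(reference_root):
        for name in files:
            ref = os.path.join(dirpath, name)
            rel = os.path.relpath(ref, reference_root)
            live = os.path.join(live_root, rel)
            if not os.path.isfile(live):
                report[rel] = (False, False)  # missing on the live side
                continue
            rs, ls = os.stat(ref), os.stat(live)
            quick = rs.st_size == ls.st_size and int(rs.st_mtime) == int(ls.st_mtime)
            report[rel] = (quick, sha256_of(ref) == sha256_of(live))
    return report


def demo():
    """Constructed sample: 'tool' has equal size and mtime but different bytes."""
    root = tempfile.mkdtemp()
    ref, live = os.path.join(root, "ref"), os.path.join(root, "live")
    samples = {"tool": (b"original-binary!", b"replaced-binary!"),
               "conf": (b"setting=1\n", b"setting=1\n")}
    for name, (ref_bytes, live_bytes) in samples.items():
        for base, data in ((ref, ref_bytes), (live, live_bytes)):
            os.makedirs(base, exist_ok=True)
            path = os.path.join(base, name)
            with open(path, "wb") as f:
                f.write(data)
            os.utime(path, (1192663649, 1192663649))  # identical mtime on both sides
    return audit(ref, live)


if __name__ == "__main__":
    print(demo())
```

Any entry reported as `(True, False)` is a file that a size-and-mtime comparison would pass over but a checksum comparison flags.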