I am giving a presentation with an author of Hacking Linux Exposed about
file integrity checking (focusing on mtree and AIDE).
Although I have used file integrity checking for several years, I don't
have any great examples of how it notified me or saved me from some
malicious file changes.
Does anyone have any real examples of how file integrity checking saved
you?
(Or can you point me to any?)
The only big example I know of is how trojaned sendmail was identified
with Gentoo's build system that automatically checked the source file's
checksum. (But that is a lot different than using file integrity checking
to verify executables, configurations and other parts of your file
system.)
Thanks,
Jeremy C. Reed
http://bsd.reedmedia.net/
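The kind of check the question is about, as an added example (not part of the original post, nor code from mtree or AIDE): a small Python baseline-and-verify in the style of those tools, run over a constructed temporary tree in which a same-size binary swap, a config edit, a permission change, a new file and a deleted file are each flagged.

```python
"""Baseline-and-verify file integrity check in the spirit of mtree/AIDE (added example)."""
import hashlib
import os
import stat
import tempfile
from pathlib import Path


def snapshot(root):
    """Record sha256, size and permission bits of every regular file under root."""
    root = Path(root)
    baseline = {}
    for path in sorted(root.rglob("*")):
        if path.is_file() and not path.is_symlink():
            st = path.lstat()
            digest = hashlib.sha256(path.read_bytes()).hexdigest()
            baseline[path.relative_to(root).as_posix()] = (digest, st.st_size, stat.S_IMODE(st.st_mode))
    return baseline


def compare(baseline, current):
    """Report paths that appeared, vanished, or whose hash, size or mode differs."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    changed = sorted(p for p in baseline.keys() & current.keys()
                     if baseline[p] != current[p])
    return {"added": added, "removed": removed, "changed": changed}


def demo():
    """Constructed scenario: binary swap, config edit, mode change, new and deleted files."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "sbin").mkdir()
        (root / "etc").mkdir()
        (root / "sbin" / "sendmail").write_bytes(b"ELF-original")
        (root / "sbin" / "nologin").write_bytes(b"ELF-nologin")
        (root / "etc" / "sendmail.cf").write_text("O LogLevel=9\n")
        (root / "etc" / "motd").write_text("welcome\n")
        os.chmod(root / "sbin" / "nologin", 0o755)
        before = snapshot(root)
        # Simulated changes after the baseline was taken (all constructed).
        (root / "sbin" / "sendmail").write_bytes(b"ELF-trojaned")   # same size, new hash
        (root / "etc" / "sendmail.cf").write_text("O LogLevel=0\n")
        os.chmod(root / "sbin" / "nologin", 0o4755)                 # content unchanged, setuid added
        (root / "etc" / "extra.conf").write_text("x\n")
        (root / "etc" / "motd").unlink()
        return compare(before, snapshot(root))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```

The size field alone would miss the sendmail swap, which is why a cryptographic hash is recorded alongside size and mode.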