On Wed, 2004-01-21 at 23:32, Paul Jakma wrote:
> People do ypcat passwd all the time (ypcat passwd | grep foo),
> hopeless to try catch people by monitoring this (and there isnt an
> easy way to monitor it iirc, least not with linux ypserv, last i
> remember).
Theory only:
I wonder if there is any point in moving the command ypcat to something
else say foo2.
When the command ypcat is called it does a
foo2 | tee me_output_to_trusted_elsewhere and maybe even kicks off a
script that captures the username.
End Theory.
Other things you could do is md5 checksum all the system programs to see
if there is an evil version there.
Paul
Maintained by the ILUG website team. The aim of Linux.ie is to
support and help commercial and private users of Linux in Ireland. You can
display ILUG news in your own webpages, read backend
information to find out how. Networking services kindly provided by HEAnet, server kindly donated by
Dell. Linux is a trademark of Linus Torvalds,
used with permission. No penguins were harmed in the production or maintenance
of this highly praised website. Looking for the
Indian Linux Users' Group? Try here. If you've read all this and aren't a lawyer: you should be!
