Kostas Georgiou wrote:
> Does it work with prelinking? Or do you have to disable it
> which will make buffer overflow attacks a bit easier?
AIDE simply stores file hashes and filesystem metadata at a 'known-good'
point in time, allowing you to check for inconsistencies at later
'unknown' points in time.
Any modifications to monitored files will be flagged up (weaknesses in
the employed hashes notwithstanding).
However, provided you revise your AIDE DB with updated file hashes after
you've performed a prelinking run, I don't see any problem..
Cheers,
David
--
David McBride <[log in to unmask]>
Department of Computing, Imperial College, London
|