LFD - Improvement Suggestions

Post Reply
ImZan
Junior Member
Posts: 5
Joined: 12 Dec 2006, 10:12

LFD - Improvement Suggestions

Post by ImZan »

#1 - File Integrity Checking

Being able to monitor important folders and files for changes. IE : /etc , /etc/passwd, groups , shadow, config files, system binaries . Based on md5 checkings ?
chirpy
Moderator
Posts: 3537
Joined: 09 Dec 2006, 18:13

Post by chirpy »

lfd already does that with the LF_DIRWATCH_FILE setting and the csf.dirwatch file.
ImZan
Junior Member
Posts: 5
Joined: 12 Dec 2006, 10:12

Post by ImZan »

But - if I enable the disable option for suspicious files - won't it delete those ?
rafaelfpviana
Junior Member
Posts: 14
Joined: 12 Dec 2006, 12:18
Location: Brazil

custom security level

Post by rafaelfpviana »

it would be great to be able to create a custumized security level.

In my case for exemple, I would like to use the High Security Level but without the Remove suspicious files setting.
chirpy
Moderator
Posts: 3537
Joined: 09 Dec 2006, 18:13

Post by chirpy »

ImZan wrote:But - if I enable the disable option for suspicious files - won't it delete those ?
No, the LF_LF_DIRWATCH_FILE setting doesn't use LF_DIRWATCH_DISABLE
chirpy
Moderator
Posts: 3537
Joined: 09 Dec 2006, 18:13

Post by chirpy »

rafaelfpviana wrote:it would be great to be able to create a custumized security level.

In my case for exemple, I would like to use the High Security Level but without the Remove suspicious files setting.
You can always just set the High Level and then go into the configuration file and disable any options that you want.
rafaelfpviana
Junior Member
Posts: 14
Joined: 12 Dec 2006, 12:18
Location: Brazil

Post by rafaelfpviana »

chirpy wrote:You can always just set the High Level and then go into the configuration file and disable any options that you want.
Didn't know about that, i'll check it out Chirpy. Thanks.
pimpinjg
Junior Member
Posts: 1
Joined: 18 Jul 2008, 11:56

Post by pimpinjg »

is there anyway to make it auto delete suspicious files becuz im getting backdoored and im not ready for an os reload till i get a good backup..:(
deadeye
Junior Member
Posts: 61
Joined: 05 Jan 2007, 04:35
Contact:

Post by deadeye »

pimpinjg wrote:is there anyway to make it auto delete suspicious files becuz im getting backdoored and im not ready for an os reload till i get a good backup..:(
What would define a suspicious file? Also, if your system is already compromised it is too late to get a good backup. How will you know that you are not just backing up and restoring the exploit?
Post Reply