In yet another security enhancement, I have installed tripwire. It is a very cool program that builds an internal database of files and their attributes (including MD5 checksum & so on) that you specify in a policy file. The database, configuration and policy files are encrypted with a passkey, so you will need that to affect any changes (so a hacker cannot simply change them). Then I set up 2 cron jobs, one for every hour testing a small policy file and one every day testing the whole system (early in the morning), which e-mail me.
Of course, this doesn't prohibit 'root' from deleting the tripwire files, but if a hacker has 'root' access, the game's over, as they say. Time to reformat your HD, and system/site restore (from a time BEFORE you were hacked) (and choose a new/better 'root' password ;)).
Jason
PS: Please don't take this as an invitation to hack my system. ;) I have several major other pieces of security policy to implement.
