Open rawiriblundell opened 1 year ago
Considerations:
sha256
-> md5
-> cksum
could mitigate this. To be benchmarked./var/tmp/haschanged/filename
auditd
and off-system FIM/SIEMs. The reality is that if an attacker is on a system such that they can tweak cache objects like this, then you have far bigger issues
As described here:
https://blog.steve.fi/the_traffic_is_waiting_outside.html