samuraictf / gatekeeper

GATEKEEPER: Inline and on-target defense

monitor for inotify kills #36

Closed bool101 closed 8 years ago

bool101 commented 9 years ago

One way to attack a service with inotify monitoring is to first kill the inotify process. We should monitor for this and log / restart when we see it happen.

zachriggle commented 9 years ago

Do not run inotify as the service user: Run it as the Ctf user. It cannot be killed this way.

bool101 commented 9 years ago

This may not work if the ctf user can't access the flag file.

zachriggle commented 8 years ago

The inotify stuff we ended up using is in Boro, not Gatekeeper. Closing this up.
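
The log-and-restart idea from the first comment, as an added example that is not part of this thread and is not Gatekeeper or Boro code: a parent process waits on the monitor, records whether it exited or was killed by a signal, and restarts it with backoff. The `supervise` function and the stand-in command are hypothetical; it assumes the supervisor itself runs under an account the service user cannot signal, as the second comment recommends.

```python
import signal
import subprocess
import sys
import time


def describe_exit(returncode):
    """Turn a Popen return code into a log-friendly reason string."""
    if returncode < 0:
        # Popen reports death by signal N as return code -N.
        try:
            return "killed by " + signal.Signals(-returncode).name
        except ValueError:
            return "killed by signal %d" % -returncode
    return "exited with status %d" % returncode


def supervise(cmd, max_restarts=3, backoff=0.5, log=print):
    """Run cmd (the monitor), log every exit, restart up to max_restarts times.

    Returns a list of (pid, reason) tuples, one per observed exit.
    """
    events = []
    restarts = 0
    while True:
        proc = subprocess.Popen(cmd)
        reason = describe_exit(proc.wait())
        events.append((proc.pid, reason))
        log("monitor pid %d %s" % (proc.pid, reason))
        if restarts >= max_restarts:
            log("restart limit reached, giving up")
            return events
        restarts += 1
        # Exponential backoff so a kill loop cannot spin the CPU.
        time.sleep(backoff * (2 ** (restarts - 1)))
        log("restarting monitor (%d/%d)" % (restarts, max_restarts))


if __name__ == "__main__":
    # Constructed stand-in for the inotify monitor: a child that SIGKILLs
    # itself, simulating the kill described in the issue.
    stand_in = [sys.executable, "-c",
                "import os, signal; os.kill(os.getpid(), signal.SIGKILL)"]
    supervise(stand_in, max_restarts=2, backoff=0.1)
```
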