
xnumon self-defense

Open droe opened this issue 7 years ago • 0 comments

Config changes are already monitorable by watching eventcode 0 for unexpected settings and agent restarts. However, self-defense could be further improved, perhaps by:

  • Including hashes of the configuration file in eventcode 0 events
  • Logging writes to configuration, binary, control utility, and log files

Having said that, an attacker with escalated privileges will always be able to disrupt or disable xnumon.

droe, Jun 17 '18 11:06
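
An added example, not part of the original issue or of xnumon's own code: one way to watch eventcode 0 records for unexpected settings and agent restarts, as the issue describes. Only `eventcode` is taken from the issue; the `time`, `op` and `config` field names, the config keys and the log lines themselves are constructed assumptions.

```python
import json

# Constructed sample log, one JSON record per line. Only "eventcode" comes from
# the issue; "time", "op", "config" and the config keys are assumed names.
SAMPLE_LOG = """\
{"eventcode": 0, "time": "2018-06-17T09:00:00Z", "op": "start", "config": {"log_dest": "file", "debug": false}}
{"eventcode": 2, "time": "2018-06-17T09:05:00Z", "note": "unrelated record"}
{"eventcode": 0, "time": "2018-06-17T09:30:00Z", "op": "stop"}
not json: a truncated or tampered line
{"eventcode": 0, "time": "2018-06-17T09:30:05Z", "op": "start", "config": {"log_dest": "null", "debug": false}}
"""

# Settings the defender expects the agent to report (hypothetical keys).
BASELINE = {"log_dest": "file", "debug": False}


def ops_events(lines):
    """Yield parsed eventcode 0 records, skipping malformed lines."""
    for line in lines:
        try:
            rec = json.loads(line)
        except ValueError:
            continue
        if isinstance(rec, dict) and rec.get("eventcode") == 0:
            yield rec


def audit(lines, baseline, expected_starts=1):
    """Return (time, reason) findings for extra restarts and config drift."""
    findings, starts = [], 0
    for rec in ops_events(lines):
        if rec.get("op") != "start":
            continue
        starts += 1
        when = rec.get("time")
        if starts > expected_starts:
            findings.append((when, "unexpected agent restart"))
        cfg = rec.get("config", {})
        for key in sorted(set(baseline) | set(cfg)):
            if cfg.get(key) != baseline.get(key):
                findings.append((when, f"config drift: {key}={cfg.get(key)!r}, "
                                       f"expected {baseline.get(key)!r}"))
    return findings


if __name__ == "__main__":
    for when, reason in audit(SAMPLE_LOG.splitlines(), BASELINE):
        print(when, reason)
```

Run this on a log collector rather than on the monitored host, since the issue notes that an attacker with escalated privileges can disrupt the agent itself.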