[rt-users] How can I detect unauthorized changes to RT?
John Rouillard
rouilj at renesys.com
Thu Mar 30 11:12:54 EST 2006
On Thu, Mar 30, 2006 at 09:53:34AM -0500, Jesse Vincent wrote:
>
>
> > Another possibility might be database triggers on update for the
> > tables you want to watch. Don't know well that works with mysql but
> > it worked fine for a similar problem on oracle that had nothing to do
> > with RT. They used a trigger to update an audit table that was scanned
> > on a regular basis.
>
> That would assume that an attacker couldn't exploit the database below
> the SQL level to modify things.
I assumed the OP wanted auditing of the database for changes to the
tables when done via RT.
However, that's a good point. As I said I am not sure how permissions
on triggers etc work on mysql. If a normal user can bypass then it's
not useful. If you allow all your users access to the root user in
mysql well then you deserve what you get.
--
-- rouilj
John Rouillard
System Administrator
Renesys Corporation
603-643-9300 x 111
More information about the rt-users
mailing list