

Ask HN: Guarding against a "trickle delete" or otherwise unnoticed attack? - benguild

How realistic is it to protect against an attack where someone retains access to your system for an extended period of time and therefore can cause minor incremental damage that could exceed backup image retention? (i.e. 30 days?)
======
fakeanon
What OS's, &c? You could hash the contents of all of the files each day and
compare them with previous hashes, asking to confirm that any ones that were
changed were files you were modifying, allowing a comparison of their content
if wanted. E.g.:

      two changes:
                  2013-08-16    2013-08-17
      1) a.txt    f84hksfjdjf   vg0dfnj4hnj
      2) b.txt    f09donf;4fd   fkjdfjh3las
      (c)onfirm [#][all] (v)imdiff [#] (s)hell
    

But I'm not a security guy, so maybe that is a silly idea.
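
Added example, not part of the original thread: a sketch of the daily hash comparison suggested above, extended to report deleted and added files as well as changed ones, and to compare against an older baseline as well as the previous day. The function names and the constructed three-day sample tree are assumptions; it also assumes the baseline manifest is kept somewhere the intruder cannot rewrite and for longer than the backup retention window.

```python
import hashlib
import tempfile
from pathlib import Path

def snapshot(root):
    """Map each regular file's relative path to the SHA-256 of its contents."""
    root = Path(root)
    manifest = {}
    for path in sorted(root.rglob("*")):
        if path.is_file() and not path.is_symlink():
            digest = hashlib.sha256()
            with path.open("rb") as fh:
                for chunk in iter(lambda: fh.read(1 << 20), b""):
                    digest.update(chunk)
            manifest[path.relative_to(root).as_posix()] = digest.hexdigest()
    return manifest

def diff(old, new):
    """Compare two manifests, reporting deletions separately from edits."""
    return {
        "changed": sorted(p for p in old.keys() & new.keys() if old[p] != new[p]),
        "deleted": sorted(old.keys() - new.keys()),
        "added": sorted(new.keys() - old.keys()),
    }

def demo():
    """Constructed three-day sample: one small change per day."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for name in ("a.txt", "b.txt", "c.txt", "d.txt"):
            (root / name).write_text(name + " original\n")
        day0 = snapshot(root)          # baseline (assumed stored off the host)
        (root / "b.txt").unlink()      # day 1: one file quietly removed
        (root / "a.txt").write_text("a.txt tampered\n")
        day1 = snapshot(root)
        (root / "c.txt").unlink()      # day 2: another one
        day2 = snapshot(root)
        # Day-over-day shows one deletion; against the baseline, the full drift.
        return diff(day1, day2), diff(day0, day2)

if __name__ == "__main__":
    daily, cumulative = demo()
    for label, result in (("since yesterday", daily), ("since baseline", cumulative)):
        for kind, paths in result.items():
            for p in paths:
                print(f"{label:16} {kind:8} {p}")
```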

