1. How can I monitor if script kiddies are putting stuff into these world writable directories?
2. Is there a way to prevent any script kiddies from accessing these directories? Most of the time, the script kiddies will launch an IRC server (using user nobody), which does nothing because my firewall blocks all ports except for authorized ports.
I also read somewhere, when I googled, that I could use some watch program to monitor the directories, but I was unable to download the source.
Some other info.
- Slackware v10.1, kernel v2.4.29
- Both directories are not on a separate partition, so I cannot use noexec, nosuid, nodev. Anyway, according to some expert, these are not enough.
- I have chkrootkit and rkhunter to check for any trojans.