http://brainstorm.ubuntu.com/item/6416/ a)Files have been edited when the system was shutdown.
b)Files in a users home directory have been edited more recently then the last time they logout

a simple message like
"files have been modified since the system was last successful shutdown/logout, click to see details"
would cover the fact that it will be triggered in the event of a crash. clicking for details could then trigger a more detailed analysis.

There are obviously security flaws with this, an attacker can spoof the file edit times, an attacker would be able to disable the reporting system, etc, but some security would be gained against simple attacks (like logging in at recovery mode, or using a live CD)

[-7 votes] Solution #1: Auto-generated solution of idea #6416


]]> en-us Sat, 05 Apr 2008 03:01:22 +0000 Mon, 19 May 2008 22:22:25 +0000 QAPoll module http://brainstorm.ubuntu.com/idea/6416/ Sat, 05 Apr 2008 14:48:15 +0000
In any case, this adds unnecessary overhead (hashing files at logon, comparing to hash database, updating hash database at logoff).]]> Wed, 23 Apr 2008 22:08:56 +0000
* "Files have been edited when the system was shutdown."
Duh! How can a file be edited if the system is shut down? -_-'

* as sayd by 3wings, this would cause *a hell of a lot* of overhead.

If you want to be sure important files have not been edited during your absence, just save a hash of those files, then check them back.

Once you saw how much time it takes for some files, you'll understand why it can absolutely *not* be done at log in/out.]]> Mon, 19 May 2008 22:22:25 +0000