[ale] Linux Security

Jeremy T. Bouse undrgrid at undergrid.net
Fri May 8 15:06:04 EDT 1998



	You could try looking for Tripwire... I believe that is the app you
are looking for that uses the snapshot to verify integrity... I also use
Sentry which is part of the Abacus project (www.psionic.com) to check for
people port scanning our servers... Sentry will automatically firewall
them using ipfwadm and hosts.deny for tcpwrapper support... Sentry also
will run an outside script when it is triggered which I have set to email
the offending parties' sysadmin and page me to let me know about it...
works pretty good and I've caught several parties scanning our servers...
mainly from Europe and Far East sites...

	Hope that helps,
	Jeremy T. Bouse
	System Administrator

On Fri, 8 May 1998, Mike Kachline wrote:

> Date: Fri, 8 May 1998 14:49:12 -0400 (EDT)
> From: Mike Kachline <kachline at cc.gatech.edu>
> To: ale at cc.gatech.edu
> Subject: [ale] Linux Security
> 
> 
> 	I remember having read a few months ago about either a program or
> suite of programs for helping administrators figure out if anything is
> askew on their Linux machine. Mainly, I remember the README mentioning
> that this program would check timestamps, filenames and such of "commonly
> hacked" files such as /bin/login and such. 
> 	The distinct point I remember about this program is that the
> README highly suggested saving the "current snapshot" database on a floppy
> disk s.t. you could pop the floppy, thus making it unwritable to hackers.
> 
> 	Does anyone know what this program is? Better yet, does anyone
> know of a good set of scripts or app(s) which can be run which supplies a
> nightly status of whether any "critical files" have been changed? I would
> like to start learning about how to tighten the screws down on my Linux
> box(es).
> 
> 							- Mike
> ============================================================================
> Michael Kachline - CS, Georgia Tech
> kachline at cc.gatech.edu
> http://brightstar.gt.ed.net/kachline/
> ============================================================================
> 

   Jeremy T. Bouse - SouthNet TeleComm Services, Inc - www.STSI.net
  PGP ID/Fingerprint: 1024/E83D9AE5/4ACC03F098D78198  19D0593E50E597E9
     undrgrid at UnderGrid.net - NIC Whois: JB5713 - undrgrid at STSI.net
         /earth is 98% full ... please delete anyone you can.
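
An added example, not part of the original thread and not Tripwire's own code: a small Python sketch of the snapshot-and-verify approach discussed above, where a baseline of critical files such as /bin/login is recorded once and compared nightly. The function names and the JSON baseline format are assumptions made for illustration.

```python
import hashlib
import json
import os
import stat


def fingerprint(path):
    """Return the attributes to compare for one file (lstat, so symlinks are not followed)."""
    st = os.lstat(path)
    entry = {"mode": st.st_mode, "uid": st.st_uid, "gid": st.st_gid,
             "size": st.st_size, "mtime": int(st.st_mtime)}
    if stat.S_ISREG(st.st_mode):
        h = hashlib.sha256()
        with open(path, "rb") as f:
            for chunk in iter(lambda: f.read(65536), b""):
                h.update(chunk)
        entry["sha256"] = h.hexdigest()
    elif stat.S_ISLNK(st.st_mode):
        entry["target"] = os.readlink(path)
    return entry


def snapshot(paths, baseline_file):
    """Record a baseline; baseline_file belongs on media that is then write-protected."""
    baseline = {p: fingerprint(p) for p in paths}
    with open(baseline_file, "w") as f:
        json.dump(baseline, f, indent=1, sort_keys=True)
    return baseline


def verify(baseline_file):
    """Compare current state to the baseline; return a list of (path, finding) tuples."""
    with open(baseline_file) as f:
        baseline = json.load(f)
    findings = []
    for path, old in sorted(baseline.items()):
        try:
            new = fingerprint(path)
        except FileNotFoundError:
            findings.append((path, "missing"))
            continue
        # Report every attribute that differs, not just the first one found.
        changed = sorted(k for k in set(old) | set(new) if old.get(k) != new.get(k))
        if changed:
            findings.append((path, "changed: " + ", ".join(changed)))
    return findings
```

Timestamps and sizes can be restored after a file is replaced, so the content hash is what catches a same-size swap with a reset mtime. The baseline only has value if it cannot be rewritten from the monitored host, which is the point of the write-protected floppy mentioned in the question.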

