RE: Cobalt Raq3 Security

Fri, 09 Mar 2001 01:39:38 -0800 

I've added all the patches from the Cobalt site. Hopefully that should
solve any worries I may have :-)

-----Original Message-----
From:   Jesse Noller [SMTP:[EMAIL PROTECTED]]
Sent:   08 March 2001 16:51
To:     CF-Linux
Subject:        RE: Cobalt Raq3 Security

generally, Adam, you'd find out pretty quickly if you have been
compromised,
but, for real starters, examine your log files


Your log files should go in date/time sequential order, and rarely have any
gaps more than a few second between entries, if you see something like:

03/08/01 02:26:13
03/08/01 03:30:13

Note the jump from 2:26 to 3:30

Also check your login logs, make sure there are no discrepencies.

Also, as a rule of thumb, download a utility from freshmeat (there are
hundreds), basically, what the utility should do is make MD5 sums of all of
your system binaries, this database is checked fairly regularly, and if the
binary has been modified, and YOU haven't modified it, you can rest assured
there is something odd in bartertown.

Just a few pointers. I suggest you check out a document named Securing
Redhat Linux @
http://www.allaire.com/handlers/index.cfm?ID=10956&Method=Full

-Jesse

-----Original Message-----
From: Adam Reynolds [mailto:[EMAIL PROTECTED]]
Sent: Thursday, March 08, 2001 7:38 AM
To: CF-Linux
Subject: Cobalt Raq3 Security


How could I analyse my Cobalt box to determine if the machine had been
hacked?

I just noticed that the company through which I colocate, only informed me
of Cobalt Raq3 OS4 update and not the more recently available patches (in
particular the bind 8.2.2 patch). 

What clues should I look for? Files I should monitor?


Best Regards,

Adam Reynolds
ColdFusion Web Developer
ISMG Development, Unilever
London

( +44 20 7822 5450 (ext 5450)
m: +44 7973 386620
*  [EMAIL PROTECTED]
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Structure your ColdFusion code with Fusebox. Get the official book at 
http://www.fusionauthority.com/bkinfo.cfm
------------------------------------------------------------------------------
Archives: http://www.mail-archive.com/cf-linux%40houseoffusion.com/
To Unsubscribe visit 
http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_linux or send a 
message to [EMAIL PROTECTED] with 'unsubscribe' in the body.

Reply via email to