Well, as a philosophical note:
Having done the entire "security thing" for way too long, I
generally realize a few tasty tidbits of Security Zen, namely:
number 1: security may be up to the administrator, but 99.9% of the time,
the administrator is too busy to keep up with the sheer amount of white
noise that goes on in the security industry. Have you ever tried reading
every single post to bugtraq?
number 2: the customer really should be able to rely on the vendor for
patches like this, feeling safe from bad elements because the people who
make and build the software should be able to properly notify you if there
are holes in the software. (This is why I generally ignore large security
mailing lists, instead, signing up to the development and/or notification
lists of the pieces of software I need to worry about).
Finally: 99.9999% of all this publicly-seen security paranoia is basically
fluff.
=]
::steps off of soap box::
-Jesse
-----Original Message-----
From: Adam Reynolds [mailto:[EMAIL PROTECTED]]
Sent: Friday, March 09, 2001 4:54 AM
To: CF-Linux
Subject: RE: Cobalt Raq3 Security
I've added all the patches from the Cobalt site. Hopefully that should
solve any worries I may have :-)
-----Original Message-----
From: Jesse Noller [SMTP:[EMAIL PROTECTED]]
Sent: 08 March 2001 16:51
To: CF-Linux
Subject: RE: Cobalt Raq3 Security
Generally, Adam, you'd find out pretty quickly if you have been compromised,
but, for real starters, examine your log files.
Your log files should go in date/time sequential order, and rarely have any
gaps more than a few seconds between entries. If you see something like:
03/08/01 02:26:13
03/08/01 03:30:13
Note the jump from 2:26 to 3:30
Also check your login logs, make sure there are no discrepancies.
Also, as a rule of thumb, download a utility from freshmeat (there are
hundreds), basically, what the utility should do is make MD5 sums of all of
your system binaries, this database is checked fairly regularly, and if the
binary has been modified, and YOU haven't modified it, you can rest assured
there is something odd in bartertown.
Just a few pointers. I suggest you check out a document named Securing
Redhat Linux @
http://www.allaire.com/handlers/index.cfm?ID=10956&Method=Full
-Jesse
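
Added example, not part of the original message: a Python sketch of the log check described above, flagging both long silences and entries that break date/time order. The timestamp layout is taken from the two sample lines in the message; the sample log, the function name and the 5-minute default threshold are assumptions made for illustration, and a quiet machine will need a larger threshold.

```python
from datetime import datetime, timedelta

# Timestamp layout taken from the sample lines in the message (MM/DD/YY HH:MM:SS).
TS_FORMAT = "%m/%d/%y %H:%M:%S"
TS_LEN = len("03/08/01 02:26:13")

# Constructed sample log; only the 02:26:13 and 03:30:13 timestamps come from the message.
SAMPLE_LOG = """\
03/08/01 02:26:09 sshd: connection from 192.0.2.10
03/08/01 02:26:13 sshd: session opened for user admin
03/08/01 03:30:13 crond: hourly job started
03/08/01 03:30:15 crond: hourly job finished
03/08/01 03:29:50 httpd: GET /index.cfm
not a timestamped line
"""

def find_anomalies(lines, max_gap=timedelta(minutes=5)):
    """Return (kind, line_no, previous_ts, current_ts) tuples.

    kind is "gap" when the silence between two entries exceeds max_gap
    (an assumed threshold), and "out_of_order" when an entry is older
    than the one before it, which suggests edited or spliced logs.
    """
    findings = []
    prev = None
    for line_no, line in enumerate(lines, start=1):
        try:
            ts = datetime.strptime(line[:TS_LEN], TS_FORMAT)
        except ValueError:
            continue  # skip lines without a leading timestamp
        if prev is not None:
            if ts < prev:
                findings.append(("out_of_order", line_no, prev, ts))
            elif ts - prev > max_gap:
                findings.append(("gap", line_no, prev, ts))
        prev = ts
    return findings

if __name__ == "__main__":
    for kind, line_no, before, after in find_anomalies(SAMPLE_LOG.splitlines()):
        print(f"line {line_no}: {kind} {before} -> {after} ({abs(after - before)})")
```

A gap or reordering is a reason to look closer, not proof of tampering: log rotation, clock changes and idle periods produce the same pattern.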
-----Original Message-----
From: Adam Reynolds [mailto:[EMAIL PROTECTED]]
Sent: Thursday, March 08, 2001 7:38 AM
To: CF-Linux
Subject: Cobalt Raq3 Security
How could I analyse my Cobalt box to determine if the machine had been
hacked?
I just noticed that the company through which I colocate, only informed me
of Cobalt Raq3 OS4 update and not the more recently available patches (in
particular the bind 8.2.2 patch).
What clues should I look for? Files I should monitor?
Best Regards,
Adam Reynolds
ColdFusion Web Developer
ISMG Development, Unilever
London
( +44 20 7822 5450 (ext 5450)
m: +44 7973 386620
* [EMAIL PROTECTED]