On 4/26/05, Emilio <[EMAIL PROTECTED]> wrote:
> I know of chkrootkit.
> Take a look at it and see how it goes.
> Also look at tripwire, but that is more for prevention than for
> discovery, since what it does is build a database of your files
> and, if they are modified, it tells you.
>
> Regards
>
> On Tue, 26-04-2005 at 11:27 -0300, Leo wrote:
> > Hello list.
> >
> > Is there any software that can be used to look for rootkits or "strange" things on a machine?
> >
> > Or at least something that indicates where security should be improved?
> >
> > Many thanks.
> >
> > Regards.
> >
> > --- Dat1.net ---
> > [This mail was checked with Declude Virus/F-Prot]

Although not related to rootkits, this is related to security:

Tiger: Report system security vulnerabilities

TIGER, or the 'tiger' scripts, is a set of Bourne shell scripts, C programs and data files which are used to perform a security audit of UNIX systems. TIGER has one primary goal: report ways 'root' can be compromised.

Debian's TIGER incorporates new checks primarily oriented towards Debian distribution including: md5sums checks of installed files, location of files not belonging to packages, check of security advisories and analysis of local listening processes.

Bastille:

Bastille Linux is a security hardening program for GNU/Linux. It increases the security of the system either by disabling services (if they are not necessary) or by altering their configuration.

If run in the (recommended) Interactive mode, Bastille educates the administrator during the hardening process: in each step of the process, extensive descriptions are given of what security issues are involved. Each step is optional. If run in the quicker Automated mode, Bastille hardens the system according the profile chosen.

harden: Makes your system hardened

This package is intended to help the administrator to improve the security of the system, or at least make the host less susceptible.

NOTE! This package will not make your system uncrackable, and it is not intended to do so. Making your system secure involves a LOT more than just installing a package. You are recommended to read at least some documents in addition to installing this package. The documents can be found in the harden-doc package. This is of course just a start because there are LOT of information on how to make your system more secure.

Specifically, there are several packages related to harden:

apt-cache search harden
bastille - Security hardening tool
harden - Makes your system hardened
harden-clients - Avoid clients that are known to be insecure
harden-development - Development tools for creating more secure programs
harden-doc - Useful documentation to secure a Debian system
harden-environment - Hardened system environment
harden-nids - Harden a system by using a network intrusion detection system
harden-remoteaudit - Audit your remote systems from this host
harden-servers - Avoid servers that are known to be insecure
harden-surveillance - Check services and/or servers automatically
harden-tools - Tools to enhance or analyze the security of the local system

You would also be interested in installing an IDS such as snort:

snort: Flexible Network Intrusion Detection System

Snort is a libpcap-based packet sniffer/logger which can be used as a lightweight network intrusion detection system. It features rules based logging and can perform content searching/matching in addition to being used to detect a variety of other attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, and much more. Snort has a real-time alerting capability, with alerts being sent to syslog, a separate "alert" file, or even to a Windows computer via Samba.

These tools, together with the ones mentioned to you above, are fine to start with. But the best thing, as always, is to read, read and read a bit more. You know: RTFM! ;-)
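
Added example, not part of the original e-mail and not code from tripwire or TIGER: the file-database check that the quoted message attributes to tripwire (record your files, report when they change), written as shell functions. The function names, the use of sha256sum and the sample tree are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: a tripwire-style file integrity baseline (not tripwire itself).
# Function names, paths and sample files are assumptions made for illustration.

# baseline_create DIR DB: store "digest  ./path" for every regular file in DIR.
# Keep DB outside DIR, ideally on read-only media, so an intruder cannot
# rewrite it together with the files.
baseline_create() {
    ( cd "$1" && find . -type f -exec sha256sum {} + | sort -k 2 ) > "$2"
}

# baseline_check DIR DB: print MODIFIED, MISSING and NEW paths.
# Returns 0 when DIR still matches DB, 1 when anything differs.
baseline_check() {
    now=$(mktemp) || return 2
    baseline_create "$1" "$now"
    rc=0
    awk '
        { h = substr($0, 1, 64); p = substr($0, 67) }  # digest is 64 hex chars
        FILENAME == ARGV[1] { old[p] = h; next }        # first file: baseline
        !(p in old) { print "NEW " p; bad = 1; next }
        old[p] != h { print "MODIFIED " p; bad = 1 }
        { seen[p] = 1 }
        END {
            for (p in old) if (!(p in seen)) { print "MISSING " p; bad = 1 }
            exit bad + 0
        }' "$2" "$now" || rc=$?
    rm -f "$now"
    return "$rc"
}

# demo: constructed sample tree, then one file changed, one removed, one added.
demo() {
    work=$(mktemp -d) || return 2
    mkdir -p "$work/root/bin" "$work/root/etc"
    echo 'original ls' > "$work/root/bin/ls"
    echo 'original ps' > "$work/root/bin/ps"
    echo 'root:x:0:0' > "$work/root/etc/passwd"
    baseline_create "$work/root" "$work/baseline.db"
    echo 'replaced ls' > "$work/root/bin/ls"      # simulated modification
    rm "$work/root/bin/ps"
    echo 'unexpected' > "$work/root/etc/unexpected.conf"
    baseline_check "$work/root" "$work/baseline.db" | sort
    rm -rf "$work"
}

demo
```

A baseline taken after a compromise only records the compromised state, so it has to be created on a system known to be clean.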

