On Sat, 3 Feb 2001, ktb wrote:

> On Sat, Feb 03, 2001 at 07:02:08PM -0300, [EMAIL PROTECTED] wrote:
> > Hi.
> > I just realized that someone entered my debian box with
> > cablemodem. I couldn't find anything in the logs, but the pump package was
> > deleted.
> > I replaced inetd for xinetd, took off services I didn't use (it
> > was left all default, as I installed in a rush), and now I'd like a good
> > intrusion detection system.
> > I'd like to hear any advice, not about security (too wide),
> > but about tools to run in cron which may be useful for this kind of
> > situation.
>
> Most of what I have read recommends a complete reinstall on a system that has
> been breached. There may be back-doors you don't find. Take a look at -
> http://www.cert.org/nav/recovering.html
>
> Also set up a firewall to help prevent this in the future. There is a
> book at -
> http://www.openna.com/resources/articles/v1.3-xml/index.htm
> that might be helpful to you. It is Red Hat based but has many good tips.
> You might want to start with the Security-HOWTO at -
> www.linuxdoc.org
>
> There are many programs like "tripwire", "snort", "portsentry" you might
> want to take a look at.

I will, thanks.

> You might want to think about getting an older box, 486, P100, along
> those lines and set up a dedicated firewall for your other box(s).

It was already a dedicated firewall. The box runs telnetd (only for
192.168.1.x), squid and ipchains. Can I do a complete re-install with apt,
or do I have to boot from the CD again?
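The kind of cron-driven check the original poster asks for, as an added example that is not part of this thread: a small shell script in the spirit of tripwire that records a hash baseline and later reports files that went missing, changed or appeared. It assumes GNU coreutils (sha256sum, find, sort, xargs) and the directory and baseline paths are placeholders; a deleted binary such as the pump package would show up as MISSING.

```shell
#!/bin/sh
# Added example (not from the thread): minimal tripwire-style integrity check
# for cron. Assumes GNU coreutils. Paths containing newlines are not handled.
# Keep the baseline off the box or on read-only media: an intruder who can
# edit it can hide their changes.

# make_baseline BASELINE_FILE DIR... : record "<sha256>  <path>" per file.
make_baseline() {
    out=$1; shift
    find "$@" -type f -print0 2>/dev/null | sort -z | xargs -0r sha256sum > "$out"
}

# check_baseline BASELINE_FILE DIR... : print MISSING / CHANGED / ADDED lines.
# Returns 0 when the tree matches the baseline, 1 when anything differs.
check_baseline() {
    base=$1; shift
    status=0
    # Every file recorded in the baseline: recompute its hash.
    while IFS= read -r line; do
        want=${line%%  *}        # 64-char hash before the two-space separator
        path=${line#*  }
        if [ ! -f "$path" ]; then
            echo "MISSING $path"; status=1     # e.g. a removed package binary
        elif [ "$(sha256sum "$path" | cut -d' ' -f1)" != "$want" ]; then
            echo "CHANGED $path"; status=1
        fi
    done < "$base"
    # Files present now that the baseline never saw (path starts at column 67).
    added=$(find "$@" -type f 2>/dev/null | sort | while IFS= read -r path; do
        cut -c67- "$base" | grep -qxF -- "$path" || echo "ADDED $path"
    done)
    if [ -n "$added" ]; then
        echo "$added"; status=1
    fi
    return $status
}

# Assumed deployment: "integrity.sh init" once after a clean install, then
# from cron, e.g.   0 3 * * * /usr/local/sbin/integrity.sh check
BASELINE=${BASELINE:-/var/lib/integrity/baseline.sha256}   # assumed location
case ${1:-} in
    init)  make_baseline "$BASELINE" /bin /sbin /usr/bin /usr/sbin ;;
    check) check_baseline "$BASELINE" /bin /sbin /usr/bin /usr/sbin ;;
esac
```

Cron mails any non-empty output to root, so the MISSING/CHANGED/ADDED lines arrive as the alert; the non-zero exit status lets a wrapper page someone instead.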