On Sun, Mar 14, 2010 at 6:16 AM, Pats <newlx...@yahoo.co.uk> wrote:
>
> 1) How can we detect that someone has intruded / hacked our linux box ?

Audit file signatures using aide or tripwire. It is important to keep a 'read only' copy of the initial signatures offline and *not* on the system itself for the cracker to his/her way

> 2) Which commands to use for such detection ?

Security is a process and not a product. See above. Also google search for 'rootkit' and use it to verify if critical system tools like 'ps, ls ' have been replaced with compromised versions.

> 3) How to decipher the output of `netstat -a ` ?

-a will list *all* network connections (a) 'udp', (b) 'tcp' for connections going out of your system as well as incoming (c) tcp, (d) connections into your system (listening services).

Suggest you read up and get your basic fundae on networking from the excellent book "The Linux Network Administrator's Guide" by Olaf Kirch and Terry Dawson available here
<http://www.tldp.org/LDP/nag2/index.html>

_______________________________________________
linux-india-help mailing list
linux-india-help@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/linux-india-help
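
Added example, not part of the original message and not aide or tripwire code: a minimal sketch of the signature audit recommended in the reply to question 1, recording SHA-256, size and permissions for watched files and later reporting what changed. The function names, the watch list and the command-line form are assumptions made for illustration.

```python
# Added illustration, not aide/tripwire code: a minimal file-integrity baseline.
import hashlib
import json
import os
import stat
import sys


def fingerprint(path):
    """Return SHA-256, size and permission bits for one file (no symlink follow)."""
    st = os.lstat(path)
    if not stat.S_ISREG(st.st_mode):
        return {"type": "non-regular", "mode": oct(st.st_mode)}
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return {"sha256": digest.hexdigest(), "size": st.st_size,
            "mode": oct(stat.S_IMODE(st.st_mode))}


def build_baseline(paths):
    """Fingerprint every path that exists; run this on a known-good system."""
    return {p: fingerprint(p) for p in sorted(paths) if os.path.lexists(p)}


def compare(baseline, paths):
    """Compare the current state of paths with a stored baseline."""
    current = build_baseline(paths)
    report = {"changed": [], "missing": [], "added": []}
    for path, old in baseline.items():
        if path not in current:
            report["missing"].append(path)
        elif current[path] != old:
            report["changed"].append(path)
    report["added"] = sorted(set(current) - set(baseline))
    return report


if __name__ == "__main__":
    # Assumed usage: script.py init|check baseline.json
    mode, db = sys.argv[1], sys.argv[2]
    watched = ["/bin/ps", "/bin/ls", "/bin/netstat"]  # assumed watch list
    if mode == "init":
        with open(db, "w") as fh:
            json.dump(build_baseline(watched), fh, indent=2)
    else:
        with open(db) as fh:
            print(json.dumps(compare(json.load(fh), watched), indent=2))
```

Run `init` on a known-good system and move the resulting JSON file to offline, read-only media, as the reply advises for the initial signatures. A same-size replacement of a watched file still shows up under "changed" because the hash differs.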