On Fri, 2005-09-02 at 10:43, Alan Porter wrote:
> > I think my server's secure but that's what scares me :) How would I
> > know if someone did get access that wasn't supposed to? Any log files
> > I need to be monitoring?
>
> See chkrootkit. http://www.chkrootkit.org/
>
>
> Alan
>

I just wanted to put in yet another plug for running Mandrake with MSEC. Msec does a fantastic job of letting you know of *any* changes to any config files - or any new applications and ports that happen to open up on your local server.
I also use the DenyHosts Python program (and have modded it to deny all services from the compromised IP). These lame probes are almost always script-kiddie attacks located on compromised PCs.

We should all get together at Lisa's InfoSeCon (Nov 1) and compare tin foil hats.

Keep safe - Jon Carnes

--
TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug
TriLUG Organizational FAQ : http://trilug.org/faq/
TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
TriLUG PGP Keyring : http://trilug.org/~chrish/trilug.asc
