-------- Original Message --------
Subject: Re: intrusion detection / logfile reporter
Date: Sat, 10 Nov 2001 00:24:34 -0800 (PST)
From: Alvin Oga <[EMAIL PROTECTED]>
To: "Timo <Blazko> Boewing" <[EMAIL PROTECTED]>
CC: "Debian User (en)" <debian-user@lists.debian.org>


hi timo

i like to ask more detailed stuff...

here's some simpler answers...
        - as others have said, download and install logcheck or equivalent

-- Debian security howto
        http://www.debian.org/doc/manuals/securing-debian-howto/

-- patch your kernel
        - add libsafe, ow1, etc

        http://www.Linux-Sec.net/Harden/kernel.gwif.html

-- to detect incoming email virus
        http://www.Linux-Sec.net/server.gwif.html#Mail

-- to detect that a script kiddie added some files to your machines
   or modified your system
        run tripwire, aide, etc
        do your own checksums, md5 on files you care about

        http://www.Linux-Sec.net/IDS/

-- to detect that a script kiddie is scanning your ports
        run snort, ippl, etc

        http://www.Linux-Sec.net/Scanner

-- audit your server for vulnerabilities
        ( at least take a minute and do the simple stuff
        run nmap,nessus

        http://www.Linux-Sec.net/Audit/

-- running log file analysis is nice...but remember that most script
   kiddies will erase traces of their attacks from the log files
        - send all logs to a secure loghost server

-- to detect that someone has logged in as root
        send yourself email from ~root/.login

-- More server and network security hardening

        http://www.Linux-Sec.net/Harden/

-- lots of fun stuff...


have fun linuxing
alvin
http://www.Linux-1U.net ... 500Gb 1U Raid5 ...

On Fri, 9 Nov 2001, Timo <Blazko> Boewing wrote:

> Hello all,
>
> I have some questions regarding system security. Besides doing
> filtering with iptables, disabling inetd services like telnet, r-tools
> etc. and setting some general denials in /etc/hosts.deny (plus some
> other stuff like changing default ports of some daemons like sshd), I am
> looking for some additional security options I can apply to a linux system.
>
> Especially, I am looking for a not-too-paranoid-to-setup-tool that can
> review my logfiles and report me via beep and/or local mail that it
> found something unusual in a log. Does anyone know of such a tool?
>
> Second, as a more theoretical question, is there any open source project
> available that can inspect network packets on application level, e.g.
> to detect viruses etc. (like sandboxes on huge firewall systems).
>
>
> I hope not to mix some termini, cos I am not that good in this network
> stuff...but I hope to learn from your answers. So do not hesitate to
> post answers 8^).
>
> Greetings and have a nice weekend,
>
> Timo
>
>
>
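Alvin's "do your own checksums, md5 on files you care about" advice, worked through as an added shell example (not code from either message): a baseline is recorded once on a known-good system, and later runs report files that were added, modified or removed since then. It assumes GNU coreutils (sha256sum, mktemp, xargs -r) and file names without whitespace; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: a hand-rolled version of what tripwire/aide do.
# Assumes GNU coreutils. md5sum could be swapped in to match the message,
# but MD5 is no longer collision-resistant, so sha256sum is used here.
# Assumes file names without whitespace. Keep the baseline file off the
# monitored host (or on read-only media): an intruder who can edit your
# files can edit a locally stored baseline too.

# make_baseline DIR OUT: record "hash  ./path" for every regular file under DIR
make_baseline() {
    dir=$1; out=$2
    (cd "$dir" && find . -type f | LC_ALL=C sort | xargs -r sha256sum) > "$out"
}

# check_baseline DIR BASELINE: print one ADDED/MODIFIED/REMOVED line per
# change since the baseline; exit status 0 if clean, 1 if anything changed
check_baseline() {
    dir=$1; base=$2
    cur=$(mktemp) || return 2
    make_baseline "$dir" "$cur"
    report=$(awk '
        FILENAME == ARGV[1] { old[$2] = $1; next }   # first file: the baseline
        {
            if (!($2 in old))        print "ADDED " $2
            else if (old[$2] != $1)  print "MODIFIED " $2
            seen[$2] = 1
        }
        END { for (f in old) if (!(f in seen)) print "REMOVED " f }
    ' "$base" "$cur")
    rm -f "$cur"
    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}

# Typical use: run make_baseline once on a clean system, then run
# check_baseline from cron and mail its output to yourself or the loghost.
```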