Any suggestions on what to run on a centos box to verify that the
server isn't compromised or being sniffed? Thanks!
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
02-19-2012, 01:07 AM
Donkey Hottie
centos security
19.2.2012 3:38, Al wrote:
> Any suggestions on what to run on a centos box to verify that the
> server isn't compromised or being sniffed? Thanks!
rkhunter comes to my mind.
--
Don't hate yourself in the morning -- sleep till noon.
02-19-2012, 01:18 AM
Al
centos security
On Feb 18, 2012, at 9:07 PM, Donkey Hottie wrote:
> 19.2.2012 3:38, Al wrote:
>> Any suggestions on what to run on a centos box to verify that the
>> server isn't compromised or being sniffed? Thanks!
>
> rkhunter comes to my mind.
Thanks for the suggestion, any others?
02-19-2012, 01:34 AM
"Les Bell"
centos security
Al <mailinglist@theflux.net> wrote:
>>
Any suggestions on what to run on a centos box to verify that the
server isn't compromised or being sniffed? Thanks!
<<
For "isn't compromised", you need a host integrity verification system like
Tripwire or AIDE (which is in the base repo). Expect to have to tweak the
config to cover the stuff you've got installed.
You can detect sniffing by checking for promiscuous interfaces on the LAN -
use proDETECT (http://sourceforge.net/projects/prodetect/) or a similar
tool for this purpose.
Alternatively, if you have the time and resources, you could run a
full-blown network intrusion detection system like Snort
(http://www.snort.org).
Best,
--- Les Bell
[http://www.lesbell.com.au]
Tel: +61 2 9451 1144
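
A local complement to the LAN-wide promiscuous-interface detection mentioned above, as an added example that is not part of the original post: it reads each interface's kernel flags word from Linux sysfs and lists interfaces with the promiscuous bit set. The function names and the sample tree are constructed for illustration; the only assumption is a Linux host exposing `/sys/class/net/<iface>/flags`.

```shell
#!/bin/sh
# Added example: list local interfaces in promiscuous mode via sysfs flags.
IFF_PROMISC=0x100   # promiscuous-mode bit from <linux/if.h>

# promisc_ifaces [NET_DIR]: print each interface under NET_DIR (default
# /sys/class/net) whose flags word has IFF_PROMISC set.
promisc_ifaces() {
    net_dir=${1:-/sys/class/net}
    for dev in "$net_dir"/*; do
        [ -r "$dev/flags" ] || continue
        flags=$(cat "$dev/flags")
        case $flags in
            0x*) ;;            # expected form, e.g. 0x1103
            *) continue ;;     # skip anything that is not a hex flags word
        esac
        if [ $(( $flags & $IFF_PROMISC )) -ne 0 ]; then
            basename "$dev"
        fi
    done
    return 0
}

# make_sample_tree: build a constructed sysfs-like tree so the check can be
# run offline; prints the path of the temporary directory it created.
make_sample_tree() {
    root=$(mktemp -d) || return 1
    mkdir "$root/lo" "$root/eth0" "$root/eth1"
    echo 0x9    > "$root/lo/flags"     # UP|LOOPBACK
    echo 0x1003 > "$root/eth0/flags"   # UP|BROADCAST|MULTICAST
    echo 0x1103 > "$root/eth1/flags"   # same as eth0, plus PROMISC
    echo "$root"
}

sample=$(make_sample_tree)
echo "constructed tree: $(promisc_ifaces "$sample")"
rm -rf "$sample"
echo "this host: $(promisc_ifaces | tr '\n' ' ')"
```

A kernel-level compromise can falsify these flags, so an empty result is one signal to weigh alongside the integrity checks, not proof that nothing is capturing traffic.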
02-19-2012, 03:40 AM
Al
centos security
On Feb 18, 2012, at 9:34 PM, Les Bell wrote:
>
> Al <mailinglist@theflux.net> wrote:
>
>>>
> Any suggestions on what to run on a centos box to verify that the
> server isn't compromised or being sniffed? Thanks!
> <<
>
> For "isn't compromised", you need a host integrity verification
> system like
> Tripwire or AIDE (which is in the base repo). Expect to have to
> tweak the
> config to cover the stuff you've got installed.
>
> You can detect sniffing by checking for promiscuous interfaces on
> the LAN -
> use proDETECT (http://sourceforge.net/projects/prodetect/) or a
> similar
> tool for this purpose.
>
> Alternatively, if you have the time and resources, you could run a
> full-blown network intrusion detection system like Snort
> (http://www.snort.org).
>
> Best,
>
> --- Les Bell
> [http://www.lesbell.com.au]
> Tel: +61 2 9451 1144
>
>
Les,
Thanks for the suggestion, I will run through all the methods stated
to me...
02-19-2012, 04:51 AM
Trey Dockendorf
centos security
On Feb 18, 2012 10:41 PM, "Al" <mailinglist@theflux.net> wrote:
>
>
> On Feb 18, 2012, at 9:34 PM, Les Bell wrote:
>
> >
> > Al <mailinglist@theflux.net> wrote:
> >
> >>>
> > Any suggestions on what to run on a centos box to verify that the
> > server isn't compromised or being sniffed? Thanks!
> > <<
> >
> > For "isn't compromised", you need a host integrity verification
> > system like
> > Tripwire or AIDE (which is in the base repo). Expect to have to
> > tweak the
> > config to cover the stuff you've got installed.
> >
> > You can detect sniffing by checking for promiscuous interfaces on
> > the LAN -
> > use proDETECT (http://sourceforge.net/projects/prodetect/) or a
> > similar
> > tool for this purpose.
> >
> > Alternatively, if you have the time and resources, you could run a
> > full-blown network intrusion detection system like Snort
> > (http://www.snort.org).
> >
> > Best,
> >
> > --- Les Bell
> > [http://www.lesbell.com.au]
> > Tel: +61 2 9451 1144
> >
> >
> Les,
>
> Thanks for the suggestion, I will run through all the methods stated
> to me...
>
I use OSSEC on all my production systems. Can be configured to block hosts
who trigger known attack patterns.
- Trey
02-19-2012, 04:17 PM
centos security
Al writes:
> Any suggestions on what to run on a centos box to verify that the
> server isn't compromised or being sniffed? Thanks!
>
This is very handy, especially for web servers:
http://www.rfxn.com/projects/linux-malware-detect/
(beware, it's _very_ slow)
--
Nux!
www.nux.ro