02-19-2012, 12:38 AM
Al

centos security

Any suggestions on what to run on a centos box to verify that the
server isn't compromised or being sniffed? Thanks!
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
02-19-2012, 01:07 AM
Donkey Hottie

centos security

19.2.2012 3:38, Al wrote:
> Any suggestions on what to run on a centos box to verify that the
> server isn't compromised or being sniffed? Thanks!

rkhunter comes to my mind.

--

Don't hate yourself in the morning -- sleep till noon.

 
02-19-2012, 01:18 AM
Al

centos security

On Feb 18, 2012, at 9:07 PM, Donkey Hottie wrote:

> 19.2.2012 3:38, Al wrote:
>> Any suggestions on what to run on a centos box to verify that the
>> server isn't compromised or being sniffed? Thanks!
>
> rkhunter comes to my mind.

Thanks for the suggestion, any others?
 
02-19-2012, 01:34 AM
"Les Bell"

centos security

Al <mailinglist@theflux.net> wrote:

>>
Any suggestions on what to run on a centos box to verify that the
server isn't compromised or being sniffed? Thanks!
<<

For "isn't compromised", you need a host integrity verification system like
Tripwire or AIDE (which is in the base repo). Expect to have to tweak the
config to cover the stuff you've got installed.

You can detect sniffing by checking for promiscuous interfaces on the LAN -
use proDETECT (http://sourceforge.net/projects/prodetect/) or a similar
tool for this purpose.

Alternatively, if you have the time and resources, you could run a
full-blown network intrusion detection system like Snort
(http://www.snort.org).

Best,

--- Les Bell
[http://www.lesbell.com.au]
Tel: +61 2 9451 1144
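
The baseline-and-compare principle behind host integrity tools such as AIDE and Tripwire, shown as an added example that is not part of the post above and is not AIDE's own code. The function names `snapshot`, `compare` and `demo` and the sample tree are constructed for illustration; GNU coreutils (`sha256sum`, `stat -c`) are assumed, as on CentOS.

```sh
#!/bin/sh
# Added illustration: baseline-and-compare integrity check, the idea behind AIDE/Tripwire.
# Assumes GNU coreutils (sha256sum, stat -c); paths must not contain tabs or newlines.

# snapshot DIR: one "path<TAB>mode owner:group<TAB>sha256" record per regular file.
snapshot() {
    find "$1" -xdev -type f -exec sh -c '
        for f in "$@"; do
            sum=$(sha256sum < "$f" | cut -d" " -f1)
            printf "%s\t%s\t%s\n" "$f" "$(stat -c "%a %U:%G" "$f")" "$sum"
        done' sh {} + | sort
}

# compare BASELINE CURRENT: report files added, removed, or changed (content or metadata).
compare() {
    awk -F'\t' '
        FILENAME == ARGV[1]      { base[$1] = $2 FS $3; next }
        !($1 in base)            { print "ADDED   " $1; next }
        base[$1] != ($2 FS $3)   { print "CHANGED " $1 }
                                 { seen[$1] = 1 }
        END { for (p in base) if (!(p in seen)) print "REMOVED " p }
    ' "$1" "$2" | sort
}

# demo: constructed sample tree (not real system files), modified after the baseline.
demo() {
    d=$(mktemp -d)
    mkdir -p "$d/root/bin" "$d/root/etc"
    echo 'original' > "$d/root/bin/ls"
    echo 'port 22'  > "$d/root/etc/sshd_config"
    echo 'welcome'  > "$d/root/etc/motd"
    chmod 755 "$d/root/bin/ls"
    chmod 644 "$d/root/etc/sshd_config"
    snapshot "$d/root" > "$d/baseline.db"      # baseline lives outside the scanned tree

    echo 'replaced' > "$d/root/bin/ls"         # content change
    chmod 666 "$d/root/etc/sshd_config"        # permission-only change
    echo 'new' > "$d/root/bin/newtool"         # file added
    rm "$d/root/etc/motd"                      # file removed

    snapshot "$d/root" > "$d/current.db"
    compare "$d/baseline.db" "$d/current.db" | sed "s|$d/root||"
    rm -rf "$d"
}

demo
```

Record the baseline while the system is known to be good and keep it, along with the tools that read it, on read-only or off-host media. A baseline taken on a host that is already compromised only certifies the compromised state.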


 
02-19-2012, 03:40 AM
Al

centos security

On Feb 18, 2012, at 9:34 PM, Les Bell wrote:

>
> Al <mailinglist@theflux.net> wrote:
>
>>>
> Any suggestions on what to run on a centos box to verify that the
> server isn't compromised or being sniffed? Thanks!
> <<
>
> For "isn't compromised", you need a host integrity verification
> system like
> Tripwire or AIDE (which is in the base repo). Expect to have to
> tweak the
> config to cover the stuff you've got installed.
>
> You can detect sniffing by checking for promiscuous interfaces on
> the LAN -
> use proDETECT (http://sourceforge.net/projects/prodetect/) or a
> similar
> tool for this purpose.
>
> Alternatively, if you have the time and resources, you could run a
> full-blown network intrusion detection system like Snort
> (http://www.snort.org).
>
> Best,
>
> --- Les Bell
> [http://www.lesbell.com.au]
> Tel: +61 2 9451 1144
>
>
Les,

Thanks for the suggestion, I will run through all the methods stated
to me...

 
02-19-2012, 04:51 AM
Trey Dockendorf

centos security

On Feb 18, 2012 10:41 PM, "Al" <mailinglist@theflux.net> wrote:
>
>
> On Feb 18, 2012, at 9:34 PM, Les Bell wrote:
>
> >
> > Al <mailinglist@theflux.net> wrote:
> >
> >>>
> > Any suggestions on what to run on a centos box to verify that the
> > server isn't compromised or being sniffed? Thanks!
> > <<
> >
> > For "isn't compromised", you need a host integrity verification
> > system like
> > Tripwire or AIDE (which is in the base repo). Expect to have to
> > tweak the
> > config to cover the stuff you've got installed.
> >
> > You can detect sniffing by checking for promiscuous interfaces on
> > the LAN -
> > use proDETECT (http://sourceforge.net/projects/prodetect/) or a
> > similar
> > tool for this purpose.
> >
> > Alternatively, if you have the time and resources, you could run a
> > full-blown network intrusion detection system like Snort
> > (http://www.snort.org).
> >
> > Best,
> >
> > --- Les Bell
> > [http://www.lesbell.com.au]
> > Tel: +61 2 9451 1144
> >
> >
> Les,
>
> Thanks for the suggestion, I will run through all the methods stated
> to me...
>

I use OSSEC on all my production systems. Can be configured to block hosts
who trigger known attack patterns.

- Trey
 
02-19-2012, 04:17 PM

centos security

Al writes:

> Any suggestions on what to run on a centos box to verify that the
> server isn't compromised or being sniffed? Thanks!

This is very handy, especially for web servers:
http://www.rfxn.com/projects/linux-malware-detect/

(beware, it's _very_ slow)

--
Nux!
www.nux.ro

 
