At 11:11 AM 8/28/2003 -0500, you wrote:
>"Wimprine, Thomas" <twimprine@stei.com> writes:
>
>oh. and tw won't do you any good if you're already hacked. Don't trust
>chkrootkit. check your sendmail version and redhat's security alerts
>and make sure you haven't been running any known exposed vulnerabilities.
I'm with Scott on this.
1. Use AIDE. I run it often. I've used Tripwire, and like it, but man it's
a rascal to deal with.
2. Verify your system files by checking the RPM checksums from your
installation CD against the installed RPMs. That will give you a decent
start on verifying file integrity.
3. You can do a diff between what an RPM on the CD says should be in a
directory and what is actually there. That will let you know of new files
that shouldn't be there. (Or might have been installed by you later on.)
4. sendmail is poop. You have to update the darn thing too often. Use qmail
or Postfix on your gateway mail server.
Okay, Scott didn't say #4, but I know he was thinking it!
---
Dustin Puryear <dustin@puryear-it.com>
Puryear Information Technology, LLC <http://www.puryear-it.com>
Providing expertise in the management, integration, and security of
Windows and UNIX systems, networks, and applications.
___________________
Nolug mailing list
nolug@nolug.org
Received on 08/28/03
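Steps 2 and 3 of the message above, written out as a shell script (an added example, not part of the original post). The CD path `/mnt/cdrom/RedHat/RPMS`, the script name `cdcheck.sh` and the function names are assumptions.

```sh
#!/bin/sh
# Added example, not from the original post. RPMS_DIR is an assumed mount path.
RPMS_DIR=${RPMS_DIR:-/mnt/cdrom/RedHat/RPMS}

# Step 2: verify installed files against package headers read from the CD
# (rpm -Vp), so the digests do not come from the host's own RPM database.
verify_from_cd() {
    for pkg in "$RPMS_DIR"/*.rpm; do
        name=$(rpm -qp --qf '%{NAME}' "$pkg" 2>/dev/null) || continue
        rpm -q "$name" >/dev/null 2>&1 || continue   # not installed, skip
        rpm -Vp "$pkg" 2>/dev/null
    done
    return 0
}

# Reduce rpm -V output (stdin) to paths that are missing or whose digest
# differs: the third flag character is "5" on a checksum mismatch.
changed_or_missing() {
    awk '$1 == "missing" || substr($1, 3, 1) == "5" { print $NF }'
}

# Step 3: every path the CD's packages say they install.
cd_manifest() {
    rpm -qlp "$RPMS_DIR"/*.rpm 2>/dev/null | LC_ALL=C sort -u
}

# Print files and symlinks under directory $2 that manifest file $1 does not list.
unexpected_files() {
    sorted=$(mktemp) || return 1
    LC_ALL=C sort -u "$1" > "$sorted"
    find "$2" \( -type f -o -type l \) -print | LC_ALL=C sort -u |
        LC_ALL=C comm -13 "$sorted" -
    rm -f "$sorted"
}

# Usage (hypothetical script name): sh cdcheck.sh /bin /sbin /usr/bin
if [ "$#" -ge 1 ]; then
    manifest=$(mktemp) || exit 1
    cd_manifest > "$manifest"
    echo "== changed or missing packaged files =="
    verify_from_cd | changed_or_missing
    for dir in "$@"; do
        echo "== files in $dir not shipped on the CD =="
        unexpected_files "$manifest" "$dir"
    done
    rm -f "$manifest"
fi
```

Packages updated from errata since installation and edited configuration files will also show up as changed, so each hit needs to be checked against what you installed or modified yourself.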
This archive was generated by hypermail 2.2.0 : 12/19/08 EST