Re: Searching for rootkits or strange things.

On 4/26/05, Emilio <emivan@terra.es> wrote:
> I know chkrootkit.
> Take a look at it and see how it works for you.
> Also look at tripwire, but that one is more for preventing than for
> discovering, since what it does is build a database of your files
> and tell you if they are modified.
> Regards
> On Tue, 26-04-2005 at 11:27 -0300, Leo wrote:
> > Hello list.
> >
> > Is there any software for finding rootkits or "strange" things on a machine?
> >
> > Or at least one that indicates where security should be improved?
> >
> > Thanks a lot.
> >
> >
> > Cheers.
> >
> > --- Dat1.net ---
> > [This mail was checked with Declude Virus/F-Prot]
> >
> >
Although not related to rootkits, this is related to security:
Report system security vulnerabilities
 TIGER, or the 'tiger' scripts, is a set of Bourne shell
 scripts, C programs and data files which are used to perform
 a security audit of UNIX systems.  TIGER has one primary goal:
 report ways 'root' can be compromised.
 Debian's TIGER incorporates new checks primarily oriented towards
 Debian distribution including: md5sums checks of installed files,
 location of files not belonging to packages, check of security
 advisories and analysis of local listening processes.

Bastille Linux is a security hardening program for GNU/Linux.
 It increases the security of the system either by disabling
 services (if they are not necessary) or by altering their
 If run in the (recommended) Interactive mode, Bastille
 educates the administrator during the hardening process:
 in each step of the process, extensive descriptions are
 given of what security issues are involved. Each step is
 optional. If run in the quicker Automated mode, Bastille
 hardens the system according the profile chosen.

 Makes your system hardened
 This package is intended to help the administrator to improve
 the security of the system, or at least make the host less susceptible.
 NOTE! This package will not make your system uncrackable, and it is
 not intended to do so. Making your system secure involves a LOT
 more than just installing a package. You are recommended to read at
 least some documents in addition to installing this package. The documents
 can be found in the harden-doc package. This is of course just a start
 because there are LOT of information on how to make your system more secure.

Specifically, there are several harden-related packages:
 apt-cache search harden
bastille - Security hardening tool
harden - Makes your system hardened
harden-clients - Avoid clients that are known to be insecure
harden-development - Development tools for creating more secure programs
harden-doc - Useful documentation to secure a Debian system
harden-environment - Hardened system environment
harden-nids - Harden a system by using a network intrusion detection system
harden-remoteaudit - Audit your remote systems from this host
harden-servers - Avoid servers that are known to be insecure
harden-surveillance - Check services and/or servers automatically
harden-tools - Tools to enhance or analyze the security of the local system

You would also be interested in installing an IDS such as snort:
 Flexible Network Intrusion Detection System
 Snort is a libpcap-based packet sniffer/logger which can be used as a
 lightweight network intrusion detection system. It features rules
 based logging and can perform content searching/matching in addition
 to being used to detect a variety of other attacks and probes, such
 as buffer overflows, stealth port scans, CGI attacks, SMB probes, and
 much more. Snort has a real-time alerting capability, with alerts being
 sent to syslog, a separate "alert" file, or even to a Windows computer
 via Samba.

These tools, together with the ones mentioned above, are fine for
getting started. But the best thing, as always, is to read, read and
read some more.
You know: RTFM! ;-)
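The tripwire idea from Emilio's reply (a database of your files, with a warning when they change) and TIGER's md5sums check of installed files both come down to the same technique: record a hash per file, then compare. The script below is an added example, not code from this thread, from tripwire or from TIGER; `make_baseline` and `check_baseline` are hypothetical names, and the files it hashes are constructed in a temporary directory.

```shell
#!/bin/sh
# Added example (not tripwire's or TIGER's own code): a minimal
# file-integrity baseline. make_baseline records a sha256 per file,
# check_baseline reports files that changed, vanished or appeared.
# Function names are hypothetical; the demo tree is constructed.

# make_baseline DIR BASELINE
# Writes one "hash  path" line per regular file under DIR to BASELINE,
# sorted with C collation so two baselines can be diffed directly.
make_baseline() {
    dir="$1"; baseline="$2"
    find "$dir" -type f | LC_ALL=C sort | while IFS= read -r f; do
        sha256sum "$f"
    done > "$baseline"
}

# check_baseline DIR BASELINE
# Prints "CHANGED path", "MISSING path" or "NEW path" lines and
# returns 0 only when the tree matches the baseline exactly.
check_baseline() {
    dir="$1"; baseline="$2"
    status=0

    # 1. every file in the baseline: still there, and same hash?
    while IFS= read -r line; do
        expected="${line%% *}"        # text before the first space
        path="${line#*  }"            # text after the two-space separator
        if [ ! -f "$path" ]; then
            echo "MISSING $path"; status=1
        else
            actual=$(sha256sum "$path" | cut -d' ' -f1)
            if [ "$actual" != "$expected" ]; then
                echo "CHANGED $path"; status=1
            fi
        fi
    done < "$baseline"

    # 2. files present now but absent from the baseline
    work=$(mktemp -d)
    find "$dir" -type f | LC_ALL=C sort > "$work/current"
    sed 's/^[0-9a-f]\{64\}  //' "$baseline" | LC_ALL=C sort > "$work/known"
    new=$(LC_ALL=C comm -23 "$work/current" "$work/known")
    rm -rf "$work"
    if [ -n "$new" ]; then
        printf '%s\n' "$new" | sed 's/^/NEW /'
        status=1
    fi
    return "$status"
}

# Stand-alone demo on a constructed directory tree.
demo() {
    t=$(mktemp -d)
    mkdir "$t/etc"
    printf 'PermitRootLogin no\n' > "$t/etc/sshd_config"
    printf 'root:x:0:0:root:/root:/bin/sh\n' > "$t/etc/passwd"
    make_baseline "$t/etc" "$t/baseline"
    echo "clean tree matches baseline: $(check_baseline "$t/etc" "$t/baseline" && echo yes || echo no)"
    # simulate tampering: edit one file, delete one, drop a new one in
    printf 'PermitRootLogin yes\n' > "$t/etc/sshd_config"
    rm "$t/etc/passwd"
    printf 'x\n' > "$t/etc/unexpected.conf"
    check_baseline "$t/etc" "$t/baseline"
    rm -rf "$t"
}
demo
```

The baseline file has to live somewhere the machine being checked cannot silently rewrite (read-only media or another host), otherwise a change to a file and to its recorded hash look the same as no change at all; that is the reason tripwire signs its database and the Debian md5sums come from the package archive rather than from the host itself.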