
Re: checking security logs



On Tue, Jan 23, 2001 at 04:36:38PM +0100, Rainer Weikusat wrote:
> David Duffey <email@davidduffey.com> writes:
> > I highly suggest portsentry and logcheck,
> 
> Avoid portsentry. It's literally useless.

Really?  I'm not arguing, but I find it very useful.  I know it doesn't
add security (it can be used to automatically ipchains DENY port scanners),
but it gives me information and information is most valuable
to protect yourself from crackers.

I only have three services accessible to the outside world (www, smtp, and
sshd), I have to focus on the security aspects of those guys, the rest is
watched by portsentry, I'd like to know if someone is trying to ftp to me.

If I should be using something else let me know, I'm always open to
alternatives.  Maybe you weren't saying portsentry is always useless, just
useless in this not-well-understood situation?

off topic: I wonder how easy it would be to make debian packages set up into
a chrooted environment, right now I do everything by hand (which tends to
leave the chrooted environment out-of-date when upgrading packages).

-Duffey

> 
> > if none of your services are showing connections then it's probably
> > traffic from port scans.
> 
> It's probably something (and that something is, given a reasonably
> configured machine, probably of absolutely no real concern to you).
> 
> -- 
> SIGSTOP

-- 
David Duffey <email@DavidDuffey.com>                  1605 Hillcrest Dr Apt X30
             -----------------------                  Manhattan, KS 66502
                                                      (785)395-2630


