Re: Checking behind the wall
Mike Moran <mm@ee.ed.ac.uk> writes:
> Although it is good to have a properly set up firewall, I was wondering
> what else I could do to check that the machines behind it haven't been
> compromised (by an email trojan or the like)?
You can do an awful lot worse than installing AIDE for this sort of thing.
> I was thinking of setting up a scanner (strobe/nmap/...?) to
> automatically do a scan from a cron and mail the results to me. However,
> is there any existing framework like this that I could leverage?
Have you got a central loghost with logcheck? That might make life a lot
easier (once you get the hang of ignoring stuff :)
If you were to save the results of nmap to disk for posterity, you could
see when they changed with AIDE, above. Funky.
~Tim
--
12:59pm up 12:34, 3 users, load average: 0.14, 0.05, 0.02
piglet@stirfried.vegetable.org.uk |The sun is melting over the hills,
http://piglet.is.dreaming.org |All our roads are waiting / To be revealed
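
The idea in the message above (keep each nmap run on disk and see when the results change), as an added example that is not part of the original thread: it compares two saved runs in nmap's grepable (`-oG`) output and lists ports that have opened or closed. The sample scans, addresses and function names are constructed for illustration.

```python
# Constructed sample scans in nmap grepable (-oG) format; addresses are
# documentation placeholders, not real hosts.
BASELINE = (
    "# Nmap scan, constructed sample\n"
    "Host: 192.0.2.10 (alpha)\tStatus: Up\n"
    "Host: 192.0.2.10 (alpha)\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///\n"
    "Host: 192.0.2.11 (beta)\tPorts: 22/open/tcp//ssh///, 111/closed/tcp//rpcbind///\n"
)
LATEST = (
    "Host: 192.0.2.10 (alpha)\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///, "
    "31337/open/tcp//unknown///\n"
    "Host: 192.0.2.11 (beta)\tPorts: 111/closed/tcp//rpcbind///\n"
    "Host: 192.0.2.12 (gamma)\tPorts: 25/open/tcp//smtp///\n"
)


def open_ports(grepable_text):
    """Map each host address to the set of (port, proto) pairs reported open."""
    hosts = {}
    for line in grepable_text.splitlines():
        fields = line.split("\t")
        if not fields[0].startswith("Host: "):
            continue  # comment lines and blanks
        addr = fields[0].split()[1]
        for field in fields[1:]:
            if not field.startswith("Ports: "):
                continue  # e.g. "Status: Up" or "Ignored State: ..."
            found = hosts.setdefault(addr, set())
            for entry in field[len("Ports: "):].split(","):
                port, state, proto = entry.strip().split("/")[:3]
                if state == "open":
                    found.add((int(port), proto))
    return hosts


def diff_scans(old_text, new_text):
    """Return report lines: '+' for newly open ports, '-' for ports no longer open."""
    old, new = open_ports(old_text), open_ports(new_text)
    report = []
    for addr in sorted(set(old) | set(new)):
        before, after = old.get(addr, set()), new.get(addr, set())
        report += [f"+ {addr} {p}/{proto}" for p, proto in sorted(after - before)]
        report += [f"- {addr} {p}/{proto}" for p, proto in sorted(before - after)]
    return report


if __name__ == "__main__":
    # Run from cron, anything printed here ends up in the job's mail.
    print("\n".join(diff_scans(BASELINE, LATEST)))
```

An empty report means the open-port picture matches the baseline; a host that appears only in the latest scan shows up as all `+` lines.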