
Re: Checking behind the wall



Mike Moran <mm@ee.ed.ac.uk> writes:

> Although it is good to have a properly set up firewall, I was wondering
> what else I could do to check that the machines behind it haven't been
> compromised (by an email trojan or the like)?

You can do an awful lot worse than installing AIDE for this sort of thing. 

> I was thinking of setting up a scanner (strobe/nmap/...?) to
> automatically do a scan from a cron and mail the results to me. However,
> is there any existing framework like this that I could leverage?

Have you got a central loghost with logcheck? That might make life a lot
easier (once you get the hang of ignoring stuff :)

If you were to save the results of nmap to disk for posterity, you could
see when they changed with AIDE, above. Funky.

~Tim
-- 
       12:59pm  up 12:34,  3 users,  load average: 0.14, 0.05, 0.02
piglet@stirfried.vegetable.org.uk |The sun is melting over the hills,
http://piglet.is.dreaming.org     |All our roads are waiting / To be revealed
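
Added example, not part of the original message: AIDE will flag that a saved nmap result file changed, and this sketch shows which open ports appeared or disappeared between two saved scans. It assumes the scans were written in nmap's grepable format (`nmap -oG`); the hosts, ports and function names below are constructed for illustration.

```python
import re

# Constructed sample data in nmap grepable (-oG) format; hosts and ports are made up.
BASELINE = """\
# Nmap scan initiated (constructed sample)
Host: 192.0.2.10 (www)\tStatus: Up
Host: 192.0.2.10 (www)\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///\tIgnored State: closed (998)
Host: 192.0.2.11 (mail)\tPorts: 25/open/tcp//smtp///, 110/closed/tcp//pop3///
"""
CURRENT = """\
Host: 192.0.2.10 (www)\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///, 8081/open/tcp/////
Host: 192.0.2.11 (mail)\tPorts: 110/closed/tcp//pop3///
Host: 192.0.2.12 ()\tPorts: 23/open/tcp//telnet///
"""

HOST_RE = re.compile(r"^Host: (\S+)")

def open_ports(grepable_text):
    """Return the set of (host, port, proto) for every port reported open."""
    found = set()
    for line in grepable_text.splitlines():
        m = HOST_RE.match(line)
        if not m or "Ports: " not in line:
            continue  # skip comment lines and Status-only lines
        # The Ports field ends at the next tab (e.g. before "Ignored State:")
        ports_field = line.split("Ports: ", 1)[1].split("\t", 1)[0]
        for entry in ports_field.split(","):
            parts = entry.strip().split("/")  # port/state/proto/owner/service/...
            if len(parts) >= 3 and parts[1] == "open":
                found.add((m.group(1), int(parts[0]), parts[2]))
    return found

def diff_scans(old_text, new_text):
    """Return (newly_open, no_longer_open) as sorted lists."""
    old, new = open_ports(old_text), open_ports(new_text)
    return sorted(new - old), sorted(old - new)

def report(old_text, new_text):
    """Build a short text report suitable for mailing from cron."""
    opened, closed = diff_scans(old_text, new_text)
    lines = ["NEW   %s %d/%s" % e for e in opened]
    lines += ["GONE  %s %d/%s" % e for e in closed]
    return "\n".join(lines)

if __name__ == "__main__":
    print(report(BASELINE, CURRENT) or "no change")
```
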


