Re: protecting against buffer overflow.

To: Russell Speed <rspeed@home-eh.com>
Cc: <debian-security@lists.debian.org>
Subject: Re: protecting against buffer overflow.
From: Rishi L Khan <rishi@UDel.Edu>
Date: Sat, 15 Sep 2001 17:25:04 -0400 (EDT)
Message-id: <[🔎] Pine.SOL.4.31.0109151723430.8055-100000@copland.udel.edu>
In-reply-to: <[🔎] 1000575017.1207.38.camel@rover>

You can setup logcheck and cron to check every minute for "suspcious" log
entries (as you define them) and have them emailed to you. Additionally,
you can edit the logcheck.sh file and have it notify you anyway you like.

		-rishi

On 15 Sep 2001, Russell Speed wrote:

> Thanks, I will add that line.
>
> This box only acts as a firewall and access for my home network, so
> there isn't much on it.  I'm just considering the idea of editing the
> pertinent scripts to accomplish that and was wondering if some tried but
> found the task too daunting.
>
> I guess for backdoors it's really just the current daemons I run right?
> I rebuilt my modules and checked the daemons timestamps.
>
> What's a good piece of software to monitor for system accesses?
> Something that could send an e-mail the minute it happened would be
> great.  I'd still like to have ssh access from the Internet.  I could
> handle being notified everytime I "tripped" the software from outside
> since it doesn't happen often.
>
> Should I report the IP to RBL or something like that?
>
> Russell
>
>
> On Sat, 2001-09-15 at 13:17, Alberto Gonzalez Iniesta wrote:
> > On Sat, Sep 15, 2001 at 12:51:26PM -0400, Russell Speed wrote:
> > > Should I remove /bin/sh for something less obvious as a general
> > > protection from buffer overflows?
> > >
> >
> > Most shell scripts running on your server call #!/bin/sh, so
> > removing it will get you in lots of trouble  ;-)
> > Just try:
> > $ grep "\/bin\/sh" /etc/init.d/*
> >
> > If your software is up-to-date buffer overflows shouldn't be a problem.
> > If you're running Potato, make sure you've this line in
> > /etc/apt/sources.list:
> >
> > deb http://security.debian.org stable/updates main contrib non-free
> >
> > And keep it updated & upgraded
> >
> > Also, if you think your machine was compromised, check for backdoors,
> > modified binaries, etc... Changing passwords may not be enough
> >
> > --
> > Alberto Gonzalez Iniesta
> > agi@agi.as
> >
> > Give Me Liberty or Give Me Death (Patrick Henry)
> >
> >
> > --
> > To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
> > with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
> >
>
>
>
> --
> To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
>

Reply to:

References:
- Re: protecting against buffer overflow.
  - From: Russell Speed <rspeed@home-eh.com>

Prev by Date: Re: protecting against buffer overflow.
Next by Date: Re: protecting against buffer overflow.
Previous by thread: Re: protecting against buffer overflow.
Next by thread: Re: protecting against buffer overflow.
Index(es):
- Date
- Thread