Re: protecting against buffer overflow.
You can setup logcheck and cron to check every minute for "suspcious" log
entries (as you define them) and have them emailed to you. Additionally,
you can edit the logcheck.sh file and have it notify you anyway you like.
On 15 Sep 2001, Russell Speed wrote:
> Thanks, I will add that line.
> This box only acts as a firewall and access for my home network, so
> there isn't much on it. I'm just considering the idea of editing the
> pertinent scripts to accomplish that and was wondering if some tried but
> found the task too daunting.
> I guess for backdoors it's really just the current daemons I run right?
> I rebuilt my modules and checked the daemons timestamps.
> What's a good piece of software to monitor for system accesses?
> Something that could send an e-mail the minute it happened would be
> great. I'd still like to have ssh access from the Internet. I could
> handle being notified everytime I "tripped" the software from outside
> since it doesn't happen often.
> Should I report the IP to RBL or something like that?
> On Sat, 2001-09-15 at 13:17, Alberto Gonzalez Iniesta wrote:
> > On Sat, Sep 15, 2001 at 12:51:26PM -0400, Russell Speed wrote:
> > > Should I remove /bin/sh for something less obvious as a general
> > > protection from buffer overflows?
> > >
> > Most shell scripts running on your server call #!/bin/sh, so
> > removing it will get you in lots of trouble ;-)
> > Just try:
> > $ grep "\/bin\/sh" /etc/init.d/*
> > If your software is up-to-date buffer overflows shouldn't be a problem.
> > If you're running Potato, make sure you've this line in
> > /etc/apt/sources.list:
> > deb http://security.debian.org stable/updates main contrib non-free
> > And keep it updated & upgraded
> > Also, if you think your machine was compromised, check for backdoors,
> > modified binaries, etc... Changing passwords may not be enough
> > --
> > Alberto Gonzalez Iniesta
> > firstname.lastname@example.org
> > Give Me Liberty or Give Me Death (Patrick Henry)
> > --
> > To UNSUBSCRIBE, email to email@example.com
> > with a subject of "unsubscribe". Trouble? Contact firstname.lastname@example.org
> To UNSUBSCRIBE, email to email@example.com
> with a subject of "unsubscribe". Trouble? Contact firstname.lastname@example.org