Re: Things to watch on my server
"vdongen" <vdongen@hetisw.nl> writes:
> You could run logcheck, which instead of reading the logs mails you
> entries that are "unusual" or "attempted break ins"
OK, my thoughts:
a) use syslog-ng to filter firewall events into a separate firewall.log;
b) use fwlogwatch to generate HTML tables of what's going off and mail you
summaries every day;
c) push all log entries out to a separate loghost if possible, too;
d) install AIDE and get that to mail nightly;
e) keep an eye on <http://www.linuxsecurity.com/> and other sundry
security-related sites.
~Tim
--
<http://spodzone.org.uk/>
--
To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: