Re: Things to watch on my server

To: "vdongen" <vdongen@hetisw.nl>
Cc: "D.J. Bolderman" <dick@bolderman.xs4all.nl>;, debian-security@lists.debian.org
Subject: Re: Things to watch on my server
From: Tim Haynes <debian@stirfried.vegetable.org.uk>
Date: 07 Jun 2002 15:02:15 +0100
Message-id: <[🔎] 86hekfkx08.fsf@potato.vegetable.org.uk>
Reply-to: debian-reply@stirfried.vegetable.org.uk
In-reply-to: <[🔎] 20020607132721.E1527B81AF@borg.kabelfoon.nl>
References: <[🔎] 20020607132721.E1527B81AF@borg.kabelfoon.nl>

"vdongen" <vdongen@hetisw.nl> writes:

> You could run logcheck, which instead of reading the logs mails you 
> entries that are "unusual" or "attempted break ins"

OK, my thoughts:
a) use syslog-ng to filter firewall events into a separate firewall.log;
b) use fwlogwatch to generate HTML tables of what's going off and mail you
summaries every day;
c) push all log entries out to a separate loghost if possible, too;

d) install AIDE and get that to mail nightly;

e) keep an eye on <http://www.linuxsecurity.com/> and other sundry
security-related sites.

~Tim
-- 
<http://spodzone.org.uk/>


-- 
To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to:

References:
- Re: Things to watch on my server
  - From: "vdongen" <vdongen@hetisw.nl>

Prev by Date: RE: ROUTEUR ET IDENTD
Next by Date: pop spool-dir issue with qpopper
Previous by thread: Re: Things to watch on my server
Next by thread: ROUTEUR ET IDENTD
Index(es):
- Date
- Thread