
Re: intrusion detection / logfile reporter



hi timo

i like to ask more detailed stuff...

here's some simpler answers...
	- as others have said, download and install logcheck or equivalent

-- Debian security howto
	http://www.debian.org/doc/manuals/securing-debian-howto/

-- patch your kernel 
	- add libsafe, ow1, etc

	http://www.Linux-Sec.net/Harden/kernel.gwif.html

-- to detect incoming email virus
	http://www.Linux-Sec.net/server.gwif.html#Mail

-- to detect that a script kiddie added some files to your machines
   or modified your system
	run tripwire, aide, etc
	do your own checksums, md5 on files you care about

	http://www.Linux-Sec.net/IDS/

-- to detect that a script kiddie is scanning your ports
	run snort, ippl, etc

	http://www.Linux-Sec.net/Scanner

-- audit your server for vulnerabilities 
	( at least take a minute and do the simple stuff )
	run nmap,nessus

	http://www.Linux-Sec.net/Audit/

-- running log file analysis is nice...but remember that most script
   kiddies will erase traces of their attacks from the log files
	- send all logs to a secure loghost server

-- to detect that someone has logged in as root
	send yourself email from ~root/.login

-- More server and network security hardening

	http://www.Linux-Sec.net/Harden/

-- lots of fun stuff...


have fun linuxing
alvin
http://www.Linux-1U.net ... 500Gb 1U Raid5 ... 

On Fri, 9 Nov 2001, Timo <Blazko> Boewing wrote:

> Hello all,
> 
> I have some questions regarding system security. Besides doing 
> filtering with iptables, disabling inetd services like telnet, r-tools 
> etc. and setting some general denials in /etc/hosts.deny (plus some 
> other stuff like changing the default ports of some daemons like sshd), I am 
> looking for some additional security options I can apply to a Linux system.
> 
> Especially, I am looking for a not-too-paranoid-to-set-up tool that can 
> review my logfiles and report to me via beep and/or local mail that it 
> has found something unusual in a log. Does anyone know of such a tool?
> 
> Second, as a more theoretical question, is there any open source project 
> available that can inspect network packets at the application level, e.g. 
> to detect viruses etc. (like sandboxes on huge firewall systems)?
> 
> 
> I hope I have not mixed up some terms, 'cos I am not that good at this network 
> stuff...but I hope to learn from your answers. So do not hesitate to 
> post answers 8^).
> 
> Greetings and have a nice weekend,
> 
> Timo
> 
> 
> 
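As an added example (not part of the original thread, and not alvin's or Timo's code), here is a minimal version of the "do your own checksums on files you care about" advice from the reply above, written in POSIX sh. It records a hash of every regular file under a directory and later reports which files were added, modified or removed. It uses sha256sum rather than the md5 the post mentions, since MD5 collisions are practical today; the function names, the baseline file location and the sample tree are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post: a hand-rolled file-integrity
# baseline in the spirit of "run tripwire, aide, etc / do your own checksums".
# Function names and paths are hypothetical. Paths containing whitespace are
# not handled (sha256sum's two-column output is split on spaces).
set -eu

# make_baseline DIR BASELINE
# Writes "hash  ./relative/path" for every regular file under DIR to BASELINE,
# sorted by path. Paths are relative to DIR so the same baseline still applies
# when the tree is checked from another mount point (e.g. rescue media).
make_baseline() {
    ( cd "$1" && find . -type f -exec sha256sum {} + | LC_ALL=C sort -k 2 ) > "$2"
}

# check_baseline DIR BASELINE
# Re-hashes DIR and compares it with BASELINE. Prints one line per change,
# prefixed ADDED / MODIFIED / REMOVED, and returns 1 if anything changed,
# 0 if the tree still matches the baseline.
check_baseline() {
    dir=$1 base=$2
    cur=$(mktemp)
    make_baseline "$dir" "$cur"
    rc=0
    awk '
        # first file (the baseline): remember the recorded hash for each path
        FILENAME == ARGV[1] { recorded[$2] = $1; next }
        # second file (current state): compare with the recorded hash
        {
            seen[$2] = 1
            if (!($2 in recorded))        { print "ADDED    " $2; changed = 1 }
            else if (recorded[$2] != $1)  { print "MODIFIED " $2; changed = 1 }
        }
        END {
            # anything recorded but not seen now has been removed
            for (p in recorded) if (!(p in seen)) { print "REMOVED  " p; changed = 1 }
            exit (changed ? 1 : 0)
        }
    ' "$base" "$cur" || rc=$?
    rm -f "$cur"
    return "$rc"
}

# Typical use (hypothetical paths):
#   make_baseline /etc /mnt/readonly/etc.base      # once, on a known-good system
#   check_baseline /etc /mnt/readonly/etc.base     # from cron, mail the output
```

The same caveat alvin raises for log files applies here: an intruder with root can rewrite the baseline as easily as the logs, so keep the baseline (and ideally the checking script and its sha256sum binary) on read-only or off-host media, and treat a non-zero return from check_baseline as something to investigate rather than silently re-baseline.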


