Re: How to detect whether your machine is compromised?
On Oct 5, 8:10 pm, Raj Kiran Grandhi <grajki...@gmail.com> wrote:
> Hi,
>
> Thanks to everyone for contributing several tips. I am looking forward
> to a highly educating weekend :) Here is a summary of packages that were
> suggested in the various replies:
>
> aide: Advanced Intrusion Detection Environment - static binary
> bastille: Security hardening tool
> chkrootkit: Checks for signs of rootkits on the local system
> denyhosts: a utility to help sys admins thwart ssh hackers
> fail2ban: bans IPs that cause multiple authentication errors
> harden: Makes your system hardened
> iftop: displays bandwidth usage information on a network interface
> iptraf: Interactive Colorful IP LAN Monitor
> logcheck: mails anomalies in the system logfiles to the administrator
> ntop: display network usage in top-like format
> rkhunter: rootkit, backdoor, sniffer and exploit scanner
> tiger: Report system security vulnerabilities
> tripwire: file and directory integrity checker
>
> Thanks
> Raj Kiran
>
This is one of the best threads I ever read. I took a basic course
in Linux security and I still feel that I've only scratched the
surface. I would say the most important thing is to learn your
system inside out. You don't know where you're vulnerable until you
know what server opens what port.
I'm not a Linux guru but I felt more vulnerable on my Windows
box. Its behavior varied immensely and I always wondered what was
going on. Most viruses, to the best of my knowledge, are written for
Windows. My wife hates Linux because of all our security pop-ups but
these are a good thing and remind us to stay alert. I would also add
that there's nothing like a good password and unusual username -- the
first wall of defense.
That's my 2 cents.
Chris