
Re: My server catched a rootkit?



Such as, running regular scans on your boxes to know what is
changing... Such as running a log analysis tool like ossec or swatch or
logwatch... Such as running some manner of host-based and network-based
intrusion detection system, like ossec or tripwire and snort,
respectively. Like regularly reviewing your logs and having general
awareness of what is going on on your systems. Also running something
like rkhunter or chkrootkit.

Plus the mundane stuff, like regularly changing passwords, disabling
root logins in ssh, and things like that are all a part of your
defensive stance.

--b

Being familiar enough with your systems and their behavior to know
when something

2010/11/28 Nuno Magalhães <nunomagalhaes@eu.ipp.pt>:
> On Sun, Nov 28, 2010 at 02:45, Brad Alexander <storm16@gmail.com> wrote:
>> IMHO, it's another tool in the toolbox. The secret is that you need to
>> be using multiple tools,
>
> Such as? Other than a firewall and maybe antivirus.
> Rkhunter?
> Tripwire?
> Why/not any specific one? What about log analysis?
>
> --
> Mars 2 Stay!
> http://xkcd.com/801/
> /etc
>
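
The "regular scans ... to know what is changing" advice in the reply above, as an added example that is not part of the original thread: a much-reduced version of the baseline-and-compare idea behind tripwire. The function names `snapshot` and `compare` are hypothetical, and GNU coreutils (`sha256sum`, `stat -c`) are assumed.

```shell
#!/bin/sh
# Added example: file-integrity baseline and compare (tripwire's idea, much reduced).
# Assumes GNU coreutils (sha256sum, stat -c). Paths containing newlines are not supported.

# snapshot DIR: print one "sha256 mode:uid:gid path" line per regular file under DIR.
snapshot() {
    find "$1" -xdev -type f -print | sort | while IFS= read -r f; do
        printf '%s %s %s\n' \
            "$(sha256sum < "$f" | cut -d' ' -f1)" \
            "$(stat -c '%a:%u:%g' "$f")" \
            "$f"
    done
}

# compare OLD NEW: report files added, removed, or changed (content, mode or owner)
# between two snapshot files. Exit status is 1 when anything differs, 0 otherwise.
compare() {
    awk '
        { path = $0; sub(/^[^ ]+ [^ ]+ /, "", path); sig = $1 " " $2 }
        !second          { old[path] = sig; next }
        !(path in old)   { print "ADDED " path; changed = 1; next }
        old[path] != sig { print "MODIFIED " path; changed = 1 }
                         { seen[path] = 1 }
        END {
            for (p in old) if (!(p in seen)) { print "REMOVED " p; changed = 1 }
            exit changed + 0
        }
    ' "$1" second=1 "$2"
}

# Command-line use: "snapshot DIR > file" once, then "compare old new" from cron.
case "${1:-}" in
    snapshot) snapshot "$2" ;;
    compare)  compare "$2" "$3" ;;
esac
```

Keep the baseline file and the binaries used to check it somewhere the monitored host cannot write to, since a rootkit that controls the box can alter both.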

