hi timo i like to ask more detailed stuff...
here's some simpler answers...

- as others have said, download and install logcheck or equivalent

-- Debian security howto
   http://www.debian.org/doc/manuals/securing-debian-howto/

-- patch your kernel - add libsafe, ow1, etc
   http://www.Linux-Sec.net/Harden/kernel.gwif.html

-- to detect incoming email virus
   http://www.Linux-Sec.net/server.gwif.html#Mail

-- to detect that a script kiddie added some files to your machines
   or modified your system
   run tripwire, aide, etc
   do your own checksums, md5 on files you care about
   http://www.Linux-Sec.net/IDS/

-- to detect that a script kiddie is scanning your ports
   run snort, ippl, etc
   http://www.Linux-Sec.net/Scanner

-- audit your server for vulnerabilities
   ( at least take a minute and do the simple stuff
   run nmap,nessus
   http://www.Linux-Sec.net/Audit/

-- running log file analysis is nice...but remember that most
   script kiddies will erase traces of their attacks from the log files
   - send all logs to a secure loghost server

-- to detect that someone has logged in as root
   send yourself email from ~root/.login

-- More server and network security hardening
   http://www.Linux-Sec.net/Harden/

-- lots of fun stuff...

have fun linuxing
alvin
http://www.Linux-1U.net ... 500Gb 1U Raid5 ...

On Fri, 9 Nov 2001, Timo <Blazko> Boewing wrote:

> Hello all,
>
> I have some questions regarding system security. Besides doing
> filtering with IP tables, disabling inet.d services like telnet, r-tools
> etc. and setting some general denials in /etc/hosts.deny (plus some
> other stuff like changing default ports of some daemons like sshd), I am
> looking for some additional security options I can apply to a linux system.
>
> Especially, I am looking for a not-too-paranoid-to-setup-tool that can
> review my logfiles and report to me via beep and/or local mail that it
> found something unusual in a log. Does anyone know of such a tool?
>
> Second, as a more theoretical question, is there any open source project
> available that can inspect network packages on application level, e.g.
> to detect viruses etc. (like sandboxes on huge firewall systems).
>
> I hope not to mix some termini, cos I am not that good in this network
> stuff...but I hope to learn from your answers. So do not hesitate to
> post answers 8^).
>
> Greetings and have a nice weekend,
>
> Timo
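
The "do your own checksums" suggestion in the reply above, as an added example that is not part of either original message: take a baseline manifest of a directory, then report files that were modified, added or removed since. The function names are hypothetical, and it uses `sha256sum` in place of the md5 the reply mentions.

```shell
#!/bin/sh
# Added example; function names are hypothetical. Assumes coreutils sha256sum
# and file names without newlines or backslashes.

# snapshot DIR: one "hash  ./path" line per regular file under DIR.
snapshot() {
    ( cd "$1" && find . -type f -exec sha256sum {} + )
}

# make_baseline DIR MANIFEST: record the known-good state.
# MANIFEST must live outside DIR.
make_baseline() { snapshot "$1" > "$2"; }

# check_baseline DIR MANIFEST: print MODIFIED/ADDED/REMOVED lines;
# returns 0 if the tree matches the manifest, 1 if anything differs.
check_baseline() {
    cur=$(mktemp) || return 2
    snapshot "$1" > "$cur"
    report=$(awk '
        { hash = substr($0, 1, 64); path = substr($0, 67) }
        FILENAME == ARGV[1] { old[path] = hash; next }
        !(path in old)      { print "ADDED " path; next }
        { seen[path] = 1 }
        old[path] != hash   { print "MODIFIED " path }
        END { for (p in old) if (!(p in seen)) print "REMOVED " p }
    ' "$2" "$cur" | sort)
    rm -f "$cur"
    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}

# demo: constructed sample tree, changed after the baseline is taken.
demo() {
    d=$(mktemp -d) && m=$(mktemp) || return 2
    mkdir "$d/bin"
    echo 'echo hello' > "$d/bin/tool"
    echo 'PermitRootLogin no' > "$d/sshd_config"
    make_baseline "$d" "$m"
    echo 'PermitRootLogin yes' > "$d/sshd_config"   # modified
    echo 'x' > "$d/bin/.hidden"                     # added
    rm "$d/bin/tool"                                # removed
    rc=0; check_baseline "$d" "$m" || rc=$?
    rm -rf "$d" "$m"
    return "$rc"
}
```

Run `check_baseline` from cron and mail yourself its output when it returns non-zero. Keep the manifest on a host or medium the monitored machine cannot write to, for the same reason the reply sends logs to a separate loghost.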