Such as running regular scans on your boxes to know what is changing... Such as running a log analysis tool like ossec or swatch or logwatch... Such as running some manner of host-based and network-based intrusion detection system, like ossec or tripwire and snort, respectively. Like regularly reviewing your logs and having general awareness of what is going on on your systems. Also running something like rkhunter or chkrootkit.
Plus the mundane stuff, like regularly changing passwords, disabling root logins in ssh, and things like that are all a part of your defensive stance.

--b

Being familiar enough with your systems and their behavior to know when something

2010/11/28 Nuno Magalhães <nunomagalh...@eu.ipp.pt>:
> On Sun, Nov 28, 2010 at 02:45, Brad Alexander <stor...@gmail.com> wrote:
>> IMHO, it's another tool in the toolbox. The secret is that you need to
>> be using multiple tools,
>
> Such as? Other than a firewall and maybe antivirus.
> Rkhunter?
> Tripwire?
> Why/not any specific one? What about log analysis?
>
> --
> Mars 2 Stay!
> http://xkcd.com/801/
> /etc