 |
Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Blog | Linux Links | Bling | About BLU |
|
Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Blog | Linux Links | Bling | About BLU |
Matthew Gillen wrote: > You mean like tripwire? That wouldn't have necessarily detected anything, > unless a root-kit was installed in such a way as to replace system binaries. > But I doubt they'd bother with that unless the attacker was looking for > something very specific (ie they have a user targeted and want his password, > so they replace the 'login' program). Typical script kiddies just want to > install an irc-bot or spam-server, and won't mess with the rest of the > system once they have root access. Tripwire et al can monitor config file changes, too. In that case, it would have helped. Another thing I need to work out on my end is simply looking at the server and its logfiles more often. I used to use the one box for firewall, server, and workstation. I got a laptop a while ago, and use that as my workstation, so I'm not sitting in front of the box as much. I need to set up a logfile monitor. I was also thinking of putting /etc in subversion and running svn st every now and then and sending the results to an email. I've always been afraid that some admin program (or the /etc/rc* directories) would choke on the .svn directories, but I think it's worth a try. Anyone ever do that? -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
 |
|
| BLU is a member of BostonUserGroups | |
| We also thank MIT for the use of their facilities. | |
