System back together again

Doug Sweetser sweetser at TheWorld.com
Tue Jun 3 22:13:52 EDT 2003


Hello:

My system is back, and a bit more paranoid than before.  I don't have
the personality to invest too heavily in security.  From that
perspective, my ultimate strategy is to back up data to cd, and be
willing to wipe the disks and reinstall.  Now that I have notes, that
should take less time.

Since rebuilding does take a big block of time, I worked my way
through Bastille.  It was quite educational.  It comes with an
interactive way to set up a firewall.  Having never built one, my first
attempt was in error, making it impossible to ssh to the machines on
my local network.  A bit more trial and error has restored all the
function.  Bastille also assists in setting up psad, a port scan
attack detector.  It should send me email should someone go knocking
on various ports (which can be listed with nmap localhost).

Tripwire has been installed.  My Perl script for doing backups writes
the database stored in /var/lib/tripwire to the cd.  If tripwire
catches files changed, it will be time to rebuild.

The site http://www.chkrootkit.org/ has tools for looking for
compromised programs.  It found a few that I had missed with my manual
inspection.  It likes the current set of programs.  This group
monitors what rootkits can do, so it is a good program to know about.


doug


