On Feb 18, 2012 10:41 PM, "Al" <mailinglist@xxxxxxxxxxx> wrote:
>
>
> On Feb 18, 2012, at 9:34 PM, Les Bell wrote:
>
> >
> > Al <mailinglist@xxxxxxxxxxx> wrote:
> >
> >>>
> > Any suggestions on what to run on a centos box to verify that the
> > server isn't compromised or being sniffed? Thanks!
> > <<
> >
> > For "isn't compromised", you need a host integrity verification
> > system like
> > Tripwire or AIDE (which is in the base repo). Expect to have to
> > tweak the
> > config to cover the stuff you've got installed.
> >
> > You can detect sniffing by checking for promiscuous interfaces on
> > the LAN -
> > use proDETECT (http://sourceforge.net/projects/prodetect/) or a
> > similar
> > tool for this purpose.
> >
> > Alternatively, if you have the time and resources, you could run a
> > full-blown network intrusion detection system like Snort
> > (http://www.snort.org).
> >
> > Best,
> >
> > --- Les Bell
> > [http://www.lesbell.com.au]
> > Tel: +61 2 9451 1144
> >
> >
> Les,
>
> Thanks for the suggestion, I will run through all the methods stated
> to me...
>
> > _______________________________________________
> > CentOS mailing list
> > CentOS@xxxxxxxxxx
> > http://lists.centos.org/mailman/listinfo/centos
>
> _______________________________________________
> CentOS mailing list
> CentOS@xxxxxxxxxx
> http://lists.centos.org/mailman/listinfo/centos
I use OSSEC on all my production systems. Can be configured to block hosts
who trigger known attack patterns.
- Trey
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
