On 14/11/2019 16:57, Valeri Galtsev wrote:
On 2019-11-14 10:01, Christopher Wensink wrote:
I have not, I'll look into that one, thanks!
On 11/14/2019 9:48 AM, SternData wrote:
Do you run rkhunter?
On 11/14/19 9:40 AM, Christopher Wensink wrote:
How do you know when a Linux system has been compromised?

I'm sure you have followed the procedure how to install system and
services so everything is secure.
If, in a longer run no matter that you have system set up and configured
securely and keep updating, if still the system gets compromised, then
you need:
1. compromise warning
2. forensic investigation
3. recovery from compromise.
I figure yours is about 1. You probably will not get detailed description
of actual setup people on this list have. Information about what the
defense is is the first step in every attack. The best you may get is
the advice of what to look for.
One of the things you can set up is [host based, maybe] system integrity
checking system (or intrusion detection system). That only makes sense
on freshly installed system in known good state. There were a variety of
these: tripwire (which went commercial), eics, ... If you search for
linux intrusion detection system you should find what you need.
I hope, this helps.
Valeri

I would add Trusted Path Execution (TPE) to any sysadmin's toolbox who
cares about security. It's easy to install from elrepo.org (kmod-tpe). I
wrote an overview (below) so won't repeat myself here, but I would
strongly encourage people to try it out:
http://lists.elrepo.org/pipermail/elrepo/2017-June/003620.html
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos
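The host-based integrity checking Valeri describes (baseline a freshly installed system in a known good state, re-scan later, alert on what changed) is the core of tools like tripwire and AIDE. The script below is an added example written for this thread, not code from the list, from elrepo or from any of those projects; the function names (build_baseline, compare, demo) and the constructed toy tree in demo() are my own. It records content hash, mode, ownership and size for every file under a root, and deliberately ignores mtime, which is trivially forged; a stored baseline only proves anything if it is kept where a root-level intruder cannot rewrite it (off the host or on read-only media), and, as in the thread, the baseline must be taken before the system is ever exposed.

```python
"""Minimal host-based file integrity checker: baseline a tree, re-scan later,
report added, removed and modified files. Added example; not code from the
thread, AIDE, tripwire or any other project."""
import hashlib
import json
import os
import shutil
import stat
import sys
import tempfile
from pathlib import Path

CHUNK = 1 << 16


def file_record(path: Path) -> dict:
    """Attributes worth comparing. mtime is deliberately omitted: it is trivially
    forged, whereas content hash, mode and ownership are what must change to
    plant or alter a file."""
    st = path.lstat()
    rec = {"mode": oct(stat.S_IMODE(st.st_mode)), "uid": st.st_uid,
           "gid": st.st_gid, "size": st.st_size}
    if stat.S_ISREG(st.st_mode):
        h = hashlib.sha256()
        with open(path, "rb") as f:
            for chunk in iter(lambda: f.read(CHUNK), b""):
                h.update(chunk)
        rec["sha256"] = h.hexdigest()
    elif stat.S_ISLNK(st.st_mode):
        rec["target"] = os.readlink(path)  # a redirected symlink is a change too
    return rec


def build_baseline(root) -> dict:
    """Map of path-relative-to-root -> record, for every non-directory entry."""
    root = Path(root)
    baseline = {}
    for dirpath, _dirnames, filenames in os.walk(root):  # symlinked dirs are not followed
        for name in filenames:
            p = Path(dirpath) / name
            baseline[p.relative_to(root).as_posix()] = file_record(p)
    return baseline


def compare(baseline: dict, current: dict) -> dict:
    """Diff two scans. 'modified' maps path -> {attribute: (old, new)}."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified = {}
    for p in sorted(set(baseline) & set(current)):
        old, new = baseline[p], current[p]
        changes = {k: (old.get(k), new.get(k))
                   for k in sorted(set(old) | set(new)) if old.get(k) != new.get(k)}
        if changes:
            modified[p] = changes
    return {"added": added, "removed": removed, "modified": modified}


def demo() -> dict:
    """Constructed scenario (not real system files): baseline a toy tree in a
    temp dir, change it in the four ways a checker must catch, return the report."""
    tmp = Path(tempfile.mkdtemp(prefix="integrity-demo-"))
    try:
        (tmp / "bin").mkdir()
        (tmp / "etc").mkdir()
        files = {"bin/ls": b"#!/bin/sh\necho original\n",
                 "etc/passwd": b"root:x:0:0:root:/root:/bin/bash\n",
                 "etc/shadow": b"root:*:18000:0:99999:7:::\n"}
        for rel, data in files.items():
            (tmp / rel).write_bytes(data)
            os.chmod(tmp / rel, 0o644)  # fixed mode so the diff is deterministic
        baseline = build_baseline(tmp)
        # Changes made after the baseline was taken:
        (tmp / "bin" / "ls").write_bytes(b"#!/bin/sh\necho modified\n")  # same size, new hash
        os.chmod(tmp / "etc" / "passwd", 0o666)                          # permission change only
        (tmp / "etc" / "shadow").unlink()                                 # file removed
        (tmp / "bin" / "newfile").write_bytes(b"\x7fELF")                 # file added
        return compare(baseline, build_baseline(tmp))
    finally:
        shutil.rmtree(tmp)


if __name__ == "__main__":
    # usage: integrity.py init ROOT DB   |   integrity.py check ROOT DB
    # Keep DB off the host or on read-only media; on-host it can be rewritten.
    if len(sys.argv) != 4 or sys.argv[1] not in ("init", "check"):
        print(json.dumps(demo(), indent=2))
        sys.exit(0)
    action, root, db = sys.argv[1:]
    if action == "init":
        Path(db).write_text(json.dumps(build_baseline(root), indent=1))
    else:
        report = compare(json.loads(Path(db).read_text()), build_baseline(root))
        print(json.dumps(report, indent=2))
        sys.exit(1 if any(report.values()) else 0)
```

Run with no arguments to see the demo report: bin/ls shows up under "modified" with only its sha256 changed (the size is identical, which is why a size-only check is not enough), etc/passwd with only its mode changed, etc/shadow under "removed" and bin/newfile under "added". With init and check it behaves like a crude AIDE: check exits non-zero when anything differs from the stored baseline, so it can be driven from cron and the exit status reported off-host.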