RE: How to set up

Monitor what? Linux activity... ha ha... don't expect any surprises.
Usually the /var/log/ directory contains syslogs of what's going on, but usually it's the innocent services that are logging. Hackers can bypass this or wipe it completely to cover their tracks.
Kernel-mode rootkits go further by not showing up in the file listing or in "ps -ef" either. The rootkit is embedded in the kernel, so it blocks whatever it doesn't want the end user/administrator to see; hence they have the freedom to sit there and not be noticed.

So your best bet is to stop it from ever happening at all; otherwise it's too late.
I can't stress enough how important it is to do what Daniel Chemko said: patch and get the latest of everything. This really only applies to the services you are exposing to the internet, i.e. web server, mail server, etc. etc. Even NATted machines inside must do this, because if they break into a NATted machine, they then see everything else inside the network.

Use Tripwire to monitor changes to files that shouldn't have been changed.
Find a website that can scan your ports for you. Some do it for free, but then you get these annoying emails to purchase their services monthly... he he (put a block in sendmail for their SMTP server, he he).
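The reply's Tripwire advice, as an added example that is not part of the reply and is not Tripwire's own code: a minimal baseline-and-compare file integrity check in POSIX sh. It records a hash per regular file, then rescans and reports files that changed, disappeared or appeared. It assumes GNU coreutils (sha256sum, sort, comm, cut, mktemp); on an older box without sha256sum, md5sum emits the same "<hash>  <path>" line format and can be substituted.

```shell
#!/bin/sh
# Added example, not code from the list post or from Tripwire: a minimal
# baseline-and-compare file integrity check in POSIX sh.
# Assumes GNU coreutils (sha256sum, sort, comm, cut, mktemp); on an old box
# without sha256sum, md5sum produces the same "<hash>  <path>" format.

# fim_baseline DIR BASELINE
# Records "<hash>  <path>" for every regular file under DIR into BASELINE.
fim_baseline() {
    find "$1" -type f | sort | while IFS= read -r f; do
        sha256sum "$f"
    done > "$2"
}

# fim_check DIR BASELINE
# Rescans DIR and prints one line per difference from BASELINE:
#   CHANGED  <path>   same path, different hash
#   REMOVED  <path>   in the baseline, no longer on disk
#   ADDED    <path>   on disk, not in the baseline
# Returns 0 when nothing differs, 1 when anything does, 2 on setup error.
fim_check() {
    dir=$1; base=$2
    cur=$(mktemp) || return 2
    fim_baseline "$dir" "$cur"

    # Full "<hash>  <path>" lines, sorted for comm(1).
    sort "$base" > "$cur.oldfull"
    sort "$cur"  > "$cur.newfull"
    # Path-only lists (sha256sum separates hash and path with two spaces,
    # so the path starts at field 3).
    cut -d' ' -f3- "$cur.oldfull" | sort > "$cur.old"
    cut -d' ' -f3- "$cur.newfull" | sort > "$cur.new"

    report="$cur.report"
    comm -23 "$cur.old" "$cur.new" | sed 's/^/REMOVED  /' > "$report"
    comm -13 "$cur.old" "$cur.new" | sed 's/^/ADDED    /' >> "$report"
    # Baseline lines that no longer match exactly, restricted to paths that
    # still exist, are the files whose contents changed.
    comm -23 "$cur.oldfull" "$cur.newfull" | cut -d' ' -f3- | sort > "$cur.stale"
    comm -12 "$cur.stale" "$cur.new" | sed 's/^/CHANGED  /' >> "$report"

    cat "$report"
    rc=0
    [ -s "$report" ] && rc=1
    rm -f "$cur" "$cur.oldfull" "$cur.newfull" "$cur.old" "$cur.new" \
          "$cur.stale" "$report"
    return $rc
}
```

Usage: `fim_baseline /etc /var/lib/fim/etc.sha256` once the box is in a known-good state, then `fim_check /etc /var/lib/fim/etc.sha256` from cron. Keep the baseline off the box or on read-only media, since an attacker who can rewrite files can rewrite the baseline too; and, for the kernel-rootkit case the reply describes, a check run from the live system only sees what the kernel lets it see, so run it from a clean boot medium when you suspect compromise.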



-----Original Message-----
From: tr-huso [mailto:tr-huso@xxxxxxxxx]
Sent: Friday, May 23, 2003 11:38 PM
To: Netfilter Mailing List
Subject: How to set up


Hi group.

I'm new to this group, so here is my setup:
A linux box (Red Hat 7.3) that is connected to the www and also works as a 
router for the rest of the network. It also runs an Apache webserver, and will 
also run a proftpd ftp-server soon. 
A Windows XP machine that is used for anything else connects to the internet 
through the Linux box. Thanks to Samba the Windows machine has some network 
directories on the Linux box.

Now I want to secure this thing, and I also want to log what's happening on 
the linux-box.

I've read a few articles on iptables, and read a few newsgroup-posts related 
to the topic.

I've also seen a few scripts that I might use, if someone can point out which 
one to use, I'm more than happy...

yours,

Trond
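An added example, not from the thread, of an iptables ruleset for the setup Trond describes: a Linux box with one internet-facing interface and one LAN interface, doing NAT for the LAN, running Apache and proftpd for the internet and Samba for the LAN only. The interface names eth0 (internet) and eth1 (LAN) and the LAN prefix 192.168.1.0/24 are assumptions passed as parameters. Dropped packets are logged to syslog with a prefix and a rate limit, which is the "log what's happening" part of the question without letting a scanner flood /var/log/messages.

```shell
#!/bin/sh
# Added example, not from the list thread. Emits an iptables ruleset in
# iptables-restore format for a two-interface NAT router that exposes
# HTTP (80) and FTP (21) to the internet and Samba only to the LAN.
# gen_rules WAN_IF LAN_IF LAN_PREFIX   (e.g. gen_rules eth0 eth1 192.168.1.0/24)
# All three values are assumptions; substitute your own.
gen_rules() {
    wan=$1; lan=$2; lannet=$3
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Masquerade LAN traffic leaving on the internet interface.
-A POSTROUTING -o $wan -s $lannet -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:LOGDROP - [0:0]
# Log-then-drop chain; the limit keeps a port scan from filling syslog.
-A LOGDROP -m limit --limit 5/min --limit-burst 10 -j LOG --log-prefix "FW-DROP: " --log-level 4
-A LOGDROP -j DROP
# Local traffic and replies to connections this box opened.
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m state --state INVALID -j DROP
# Anti-spoofing: LAN addresses must never arrive on the internet side.
-A INPUT -i $wan -s $lannet -j LOGDROP
# Services exposed to the internet: Apache and proftpd.
-A INPUT -i $wan -p tcp --dport 80 -m state --state NEW -j ACCEPT
-A INPUT -i $wan -p tcp --dport 21 -m state --state NEW -j ACCEPT
# Services for the LAN only: Samba (NetBIOS and CIFS) and SSH for admin.
-A INPUT -i $lan -s $lannet -p udp -m multiport --dports 137,138 -j ACCEPT
-A INPUT -i $lan -s $lannet -p tcp -m multiport --dports 139,445 -j ACCEPT
-A INPUT -i $lan -s $lannet -p tcp --dport 22 -m state --state NEW -j ACCEPT
-A INPUT -j LOGDROP
# Routing: LAN may go out; only replies come back in.
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $lan -o $wan -s $lannet -j ACCEPT
-A FORWARD -j LOGDROP
COMMIT
EOF
}
```

Load it with `gen_rules eth0 eth1 192.168.1.0/24 | iptables-restore`, after `echo 1 > /proc/sys/net/ipv4/ip_forward` and `modprobe ip_conntrack_ftp` (the FTP helper is what lets passive-mode data connections match RELATED instead of being dropped). On Red Hat the same output can be written to /etc/sysconfig/iptables so the iptables init script restores it at boot. Dropped packets show up in /var/log/messages as kernel lines prefixed "FW-DROP:", which is what to grep for; the ports Apache and proftpd listen on are the ones the reply says must be kept patched, because they are the only ones this ruleset lets the internet reach.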





