Linux Server Intrusion Detection

Indications

* Failed log-in attempts
* Analyze system files and the $HOME/ directory (for example $HOME/.bashrc for modified $PATH entries), as well as changes to system configuration files in /etc
* suid and sgid files on the system
* Use the last, lastcomm, and netstat commands
* If you suspect the system is compromised, verify the installed packages against the RPM database with the command:

 root# rpm -Va

* The RPM database will need to be archived: /var/lib/rpm/fileindex.rpm and /var/lib/rpm/packages.rpm
* Archive the /bin/rpm executable also
* List the most recently modified files with the following command:

 /usr/bin/find / -ctime -1 -print

* Find all setuid and setgid programs on your system (newer GNU find spells the mode test -perm /6000):

 find / -type f -perm +6000 -ls

* Locate all world-writable files on your system:

 find / -perm -2 ! -type l -ls

* Locate files on your system that do not have an owner or group:

 find / -nouser -o -nogroup

* Use the nosuid option in /etc/fstab
* Use nodev and noexec on users' home partitions, as well as /var, which prohibits execution of programs and creation of character or block devices. Sample /etc/fstab entries (the device column did not survive on the page):

 /            ext2  defaults,errors=remount-ro                  0 1
 none         swap  sw                                          0 0
 /proc        proc  defaults                                    0 0
 /boot        ext2  ro,noauto,nouser,noexec,nosuid,nodev        0 2
 /usr         ext2  ro,nodev                                    0 2
 /usr/local   ext2  defaults                                    0 2
 /var         ext2  rw,nosuid,nodev                             0 2
 /tmp         ext2  rw,nosuid,nodev                             0 2
 /home        ext2  rw,nosuid,nodev                             0 2
 /mnt/floppy  ext2  noauto

* Control the per-user limits using the resource-limits PAM module and /etc/pam.d/limits.conf
* /var/log/wtmp and /var/run/utmp contain the login records for all users on your system and should also have 644 permissions
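As an added example (not part of the original page), the following POSIX shell script audits an fstab for the nosuid, nodev and noexec options the list recommends, checking /home and /var as the page does and /tmp as a generalization; it runs against a constructed sample modelled on the page's fstab fragment, with placeholder /dev/sdaN device names.

```shell
#!/bin/sh
# Added example, not from the original page: audit an fstab for the
# nosuid/nodev/noexec hardening options recommended in the checklist.
set -e

# Constructed sample fstab modelled on the page's fragment; the
# /dev/sdaN device names are placeholders, not a real system's.
SAMPLE_FSTAB=$(mktemp)
trap 'rm -f "$SAMPLE_FSTAB"' EXIT
cat > "$SAMPLE_FSTAB" <<'EOF'
# constructed sample
/dev/sda1  /      ext2  defaults,errors=remount-ro  0 1
/dev/sda2  /var   ext2  rw,nosuid,nodev             0 2
/dev/sda3  /tmp   ext2  rw,nosuid,nodev             0 2
/dev/sda4  /home  ext2  rw,nosuid,nodev             0 2
/dev/sda5  /usr   ext2  ro,nodev                    0 2
EOF

# has_opt FILE MOUNTPOINT OPTION: succeeds if MOUNTPOINT's option list
# in FILE contains OPTION (comment lines and short lines are skipped).
has_opt() {
  awk -v mp="$2" -v opt="$3" '
    $1 !~ /^#/ && NF >= 4 && $2 == mp {
      n = split($4, o, ",")
      for (i = 1; i <= n; i++) if (o[i] == opt) found = 1
    }
    END { exit found ? 0 : 1 }' "$1"
}

# audit_fstab FILE: prints one "mountpoint: missing option" line per gap
# on /home, /var and /tmp; the exit status is the number of findings.
audit_fstab() {
  missing=0
  for mp in /home /var /tmp; do
    for opt in nosuid nodev noexec; do
      if ! has_opt "$1" "$mp" "$opt"; then
        echo "$mp: missing $opt"
        missing=$((missing + 1))
      fi
    done
  done
  return "$missing"
}

audit_fstab "$SAMPLE_FSTAB" || echo "$? mount option(s) missing"
```

On the sample above the script reports that noexec is absent from /home, /var and /tmp, which is exactly the gap between the page's fstab fragment and its own recommendation.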