Security Basics mailing list archives
finding bad things and centralizing security
From: "Strider" <strider () chatcircuit com>
Date: Mon, 21 Apr 2003 18:59:35 -0500 (Central Daylight Time)
I manage 10 servers, each hosting a large number of virtual servers using cPanel. The service is growing fairly rapidly, so I need to know the best way to centralize management of the security and the services on the servers, such as periodic security audits, monitoring processes (such as server daemons), generating reports, and so on and so forth. Snort is great for reporting intrusion attempts, and Tripwire for reporting unusual filesystem activity, but not when you get several to sift through. I've seen many, such as demarc's puresecure, but I am on a tight budget.

Also, as for the "finding bad things" part of this email: lately we've been hit with users who are installing scripts with the purpose of exploiting their bugs, and installing things like bindtty and cgi.pl (a shell through a CGI script), in order to do other bad things, including root attempts (albeit unsuccessful). Is there a way to scan for these things and have either some kind of automated action or a report sent via email? What I'd like to scan for is the bugged scripts as well as the exploits (similar to chkrootkit, except including the site scripts).

Thanks in advance.

Beau (Strider) Steward
strider () chatcircuit com
http://www.arteryplanet.net
http://www.chatcircuit.com