Security Basics mailing list archives
Re: process identification
From: Andrew Pretzl <arp () norlight com>
Date: Tue, 4 May 2004 13:57:09 -0500
On 05/04/2004 10:41:06 AM Stijn De Weirdt wrote:
and what can be done against rootkits? (apart from good firewall).
I'd start by loading the OS in a minimal configuration and not using a modular kernel. By compiling the kernel yourself (more work) you can prevent the installation of some of the modular rootkits. Then harden the OS using bastille linux (www.bastille-linux.org). If the system is exposed to the internet without being behind a firewall you may want to consider using iptables. Finish configuring the server & then install the open source version of tripwire and baseline your system. You can set tripwire up to run an integrity check via a cron job & have it e-mail the output so you can see if something has changed. Running chkrootkit periodically is a good idea also. If possible, have the server send syslog info to another server in a more secure portion of your network.

Good luck!

AP
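The baseline-then-check cycle described in the post above, as an added example that is not part of the original message and is not Tripwire itself: a sha256sum manifest stands in for Tripwire's database. The function names and manifest layout are assumptions of this example, and paths containing whitespace are not handled.

```shell
#!/bin/sh
# Added illustration: hash-manifest stand-in for a baseline/integrity-check cycle.
# Function names and the manifest format are assumptions of this example.

# make_manifest DIR: print "hash  path" for every regular file under DIR.
# Paths are relative to DIR so the manifest survives a remount elsewhere.
make_manifest() {
    ( cd "$1" && find . -type f -exec sha256sum {} + | sort -k 2 )
}

# baseline DIR DB: record the known-good state once the server is configured.
# Keep DB on read-only media or another host so an intruder cannot re-baseline.
baseline() {
    make_manifest "$1" > "$2"
}

# check DIR DB: print one line per difference; return 0 if clean, 1 if changed.
check() {
    cur=$(mktemp) || return 2
    make_manifest "$1" > "$cur"
    report=$(awk '
        # First file is the baseline: remember the hash recorded for each path.
        FILENAME == ARGV[1] { base[$2] = $1; next }
        # Second file is the current state: compare against the baseline.
        {
            seen[$2] = 1
            if (!($2 in base))       print "ADDED " $2
            else if (base[$2] != $1) print "MODIFIED " $2
        }
        # Anything in the baseline that was not seen has been deleted.
        END { for (p in base) if (!(p in seen)) print "REMOVED " p }
    ' "$2" "$cur" | sort)
    rm -f "$cur"
    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}

# From cron, pipe the output of check to mail(1) so the report leaves the box,
# and treat a non-zero exit status as the signal that something changed.
```

A check like this reads files through the running kernel, so it complements rather than replaces the non-modular kernel and remote syslog steps in the post.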