Re: [cobalt-security] Security Plan

> * Check Logs (kernel messages, ftp, www etc)

LogCheck from Psionic (same place you get PortSentry) will do this for
you. Configurable so you see only the lines you want to see.

> * Check signature of binaries (for trojans etc.)

TripWire will do this. Get the server the way you want it, completely
tweaked, then run TripWire and create a database. Set up a cron job
for TW to check the machine every so often and compare the results
against the database you made. If it finds anything different, it will
mail the results to you. Alternatively, you can take the database off
of the machine and store it somewhere, and just run TW by hand when
you feel that itch that something might be 'up'.

> * ...and anything else recommended!

IPChains, IPChains, IPChains!!!
Good luck getting it installed, running, and configured. Everyone who
seems to have done this somehow can't seem to explain it in
plain-speech terms to the rest of the world. So instructions on doing
this are either very poor, or so tech-geek laden that you'll need an
entire bottle of acetaminophen to get through it.
If someone knows of a good entry-level explanation of IPChains
installation/configuration, I'd love to see the URL (and I'll be
passing it out like crazy, as I get direct mailed this question at
least twice a week).
