Re: [cobalt-security] Attempted inside job. A report.



> > I granted that request and tuned my IDS software a little. Just minutes after
> > the setup email had been sent (credit card had checked out fine) I got paged
> > with the following report from my IDS software:
> >
> > WARNING: --COMPILER ACCESS by user XXXXX!---
>
> What IDS?

Perhaps I should have asked, what IDSs scan for this kind of thing at the
command line? Will snort do this? I don't think it will work with
SSH/encryption, will it?

I'd like to see an IDS that watches the command line, but not of the packet
sniffer variety. Something that logs keystrokes (kind of like a bash_history
type of thing) that will look for certain commands, like SU, or ftp, etc. That
way, whether you use encryption or not, your IDS will pick up those
commands. I think something like this would be much more valuable than a
sniffer-based IDS.

Kevin
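
The host-side command watch asked about above, as an added example that is not part of the original post or of any IDS mentioned in the thread. It assumes the Linux audit daemon is recording execve calls; the log records, the `cmdwatch` key and the watch list are constructed for illustration. The records are written on the host itself, so it makes no difference whether the session arrived over SSH.

```python
import re
from collections import defaultdict

# Watch list (assumption): commands named in the post plus common compilers.
WATCHED = {"su", "ftp", "gcc", "cc", "make"}

# Constructed sample records in Linux auditd log format (not from the post).
SAMPLE_LOG = '''\
type=SYSCALL msg=audit(1000000000.100:41): arch=c000003e syscall=59 success=yes exit=0 auid=1001 uid=1001 comm="ls" exe="/bin/ls" key="cmdwatch"
type=EXECVE msg=audit(1000000000.100:41): argc=2 a0="ls" a1="-la"
type=SYSCALL msg=audit(1000000000.200:42): arch=c000003e syscall=59 success=yes exit=0 auid=1001 uid=1001 comm="su" exe="/bin/su" key="cmdwatch"
type=EXECVE msg=audit(1000000000.200:42): argc=2 a0="su" a1="-"
type=SYSCALL msg=audit(1000000000.300:43): arch=c000003e syscall=59 success=yes exit=0 auid=1001 uid=1001 comm="gcc" exe="/usr/bin/gcc" key="cmdwatch"
type=EXECVE msg=audit(1000000000.300:43): argc=3 a0="gcc" a1="-c" a2=6D792066696C652E63
'''

EVENT_ID = re.compile(r"msg=audit\(([\d.]+):(\d+)\)")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def decode(value):
    """auditd quotes plain strings and hex-encodes ones with spaces or control bytes."""
    if value.startswith('"'):
        return value.strip('"')
    try:
        return bytes.fromhex(value).decode("utf-8", "replace")
    except ValueError:
        return value  # e.g. "(null)"

def find_watched_commands(log_text, watched=WATCHED):
    """Join SYSCALL and EXECVE records by event id; return (id, auid, command line)."""
    events = defaultdict(dict)
    for line in log_text.splitlines():
        m = EVENT_ID.search(line)
        if not m:
            continue
        ev = events[m.group(2)]
        fields = dict(FIELD.findall(line[m.end():]))
        if line.startswith("type=SYSCALL"):
            ev["auid"] = fields.get("auid")  # login uid, unchanged by su
            ev["exe"] = decode(fields.get("exe", ""))
        elif line.startswith("type=EXECVE"):
            argc = int(fields.get("argc", 0))
            ev["argv"] = [decode(fields.get(f"a{i}", "")) for i in range(argc)]
    alerts = []
    for event_id, ev in events.items():
        argv = ev.get("argv") or [ev.get("exe", "")]
        names = {argv[0].rsplit("/", 1)[-1], ev.get("exe", "").rsplit("/", 1)[-1]}
        if names & watched:
            alerts.append((event_id, ev.get("auid"), " ".join(argv)))
    return alerts
```

Matching on both `argv[0]` and the resolved `exe` path catches a watched binary that was started under a different argv[0], though not one that was copied to a new file name.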