
Re: [cobalt-security] Fcheck



Include everything, then screen things as you find out what changes normal
operations generate. This ensures that you are as protected as possible and
it also helps to familiarize you with what files control what.

And don't exclude all of /home, just /home/sites, /home/mail, and the quota
and pgsql database files. Of course you're going to want to exclude the /tmp
directories, etc.

I set up two fcheck processes - one monitors configuration changes, as those
are only made in house, and the other monitors changes to binaries (i.e.
everything else). That way, if a config file changes after hours, I know
something is up.

Kevin

----- Original Message -----
From: "James Mackay" <jjma@xxxxxxxxxxxxxx>
To: <cobalt-security@xxxxxxxxxxxxxxx>
Sent: Saturday, October 06, 2001 1:26 PM
Subject: [cobalt-security] Fcheck


>
> When editing the fcheck.cfg file what directory would you need to include
> for monitoring purposes. I am tempted to load the lot
> apart from /home but think it might be overkill..
>
> thanks
>
> Ja
>
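
Added example, not part of the original thread and not FCheck's own code: a Python illustration of the approach in the reply above, with a baseline over everything except excluded subtrees, a comparison against that baseline, and escalation of configuration changes made after hours. The working hours (08:00-18:00 on weekdays), the profile names "config" and "binaries", and all function names are assumptions.

```python
import hashlib
import os
from datetime import datetime

def is_excluded(path, exclusions):
    """True if path is an excluded directory or lies beneath one."""
    return any(path == e or path.startswith(e.rstrip("/") + "/") for e in exclusions)

def snapshot(roots, exclusions=()):
    """Map every regular file under roots (minus exclusions) to its SHA-256."""
    seen = {}
    for root in roots:
        for dirpath, dirnames, filenames in os.walk(root):
            # Prune excluded subtrees so they are never descended into.
            dirnames[:] = [d for d in dirnames
                           if not is_excluded(os.path.join(dirpath, d), exclusions)]
            for name in filenames:
                path = os.path.join(dirpath, name)
                if is_excluded(path, exclusions) or not os.path.isfile(path):
                    continue
                with open(path, "rb") as fh:
                    seen[path] = hashlib.sha256(fh.read()).hexdigest()
    return seen

def compare(baseline, current):
    """Return sorted (path, status) pairs for added, removed and changed files."""
    out = []
    for path in sorted(set(baseline) | set(current)):
        if path not in baseline:
            out.append((path, "added"))
        elif path not in current:
            out.append((path, "removed"))
        elif baseline[path] != current[path]:
            out.append((path, "changed"))
    return out

def severity(profile, when, work_hours=(8, 18)):
    """Config changes outside the assumed working hours are escalated."""
    in_hours = when.weekday() < 5 and work_hours[0] <= when.hour < work_hours[1]
    return "alert" if profile == "config" and not in_hours else "review"
```

Running snapshot() once per profile, with the configuration directories as one set of roots and everything else as the other, mirrors the two-process split described in the reply.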