On 14/11/2019 16:57, Valeri Galtsev wrote:
On 2019-11-14 10:01, Christopher Wensink wrote:
I have not, I'll look into that one, thanks!
On 11/14/2019 9:48 AM, SternData wrote:
Do you run rkhunter?
On 11/14/19 9:40 AM, Christopher Wensink wrote:
How do you know when a Linux system has been compromised?
I'm sure you have followed the procedure how to install system and
services so everything is secure.
If, in a longer run no matter that you have system set up and configured
securely and keep updating, if still the system gets compromised, then
you need:
1. compromise warming
2. forensic investigation
3. recovery from compromise.
I figure your is about 1. You probably will not get detailed description
of actual setup people on this list have. Information about what the
defense is is the first step in every attack. The best you may get are
the advises of what to look for.
One of the things you can set up is [host based, maybe] system integrity
checking system (or intrusion detection system). That only makes sense
on freshly installed system in known good state. There were a variety of
these: tripwire (which went commercial), eics, ... If you search for
linux intrusion detection system you should find what you need.
I hope, this helps.
Valeri
I would add Trusted Path Execution (TPE) to any sysdamin's toolbox who
cares about security. It's easy to install from elrepo.org (kmod-tpe). I
wrote an overview (below) so won't repeat myself here, but I would
strongly encourage people to try it out:
http://lists.elrepo.org/pipermail/elrepo/2017-June/003620.html
_______________________________________________
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos
