Mike Moran <[EMAIL PROTECTED]> writes:

> Although it is good to have a properly set up firewall, I was wondering
> what else I could do to check that the machines behind it haven't been
> compromised (by an email trojan or the like)?

You can do an awful lot worse than installing AIDE for this sort of thing.

> I was thinking of setting up a scanner (strobe/nmap/...?) to
> automatically do a scan from a cron and mail the results to me. However,
> is there any existing framework like this that I could leverage?

Have you got a central loghost with logcheck? That might make life a lot
easier (once you get the hang of ignoring stuff :)

If you were to save the results of nmap to disk for posterity, you could
see when they changed with AIDE, above. Funky.

~Tim
--
12:59pm up 12:34, 3 users, load average: 0.14, 0.05, 0.02
[EMAIL PROTECTED] |The sun is melting over the hills,
http://piglet.is.dreaming.org |All our roads are waiting / To be revealed
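
The idea in the reply above (keep nmap results on disk and watch for changes), as an added example that is not part of the original message: it compares two saved scans in nmap's grepable (`-oG`) format and reports hosts and open ports that appeared or disappeared. The comparison is done directly here rather than with AIDE; the sample snapshots, addresses and function names are constructed for illustration.

```python
import re

# Constructed sample snapshots in nmap's grepable (-oG) format. The addresses
# are documentation-range placeholders, not values from the original message.
BASELINE = (
    "Host: 192.0.2.10 ()\tPorts: 22/open/tcp//ssh///, 25/open/tcp//smtp///\n"
    "Host: 192.0.2.11 ()\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///\n"
)
LATEST = (
    "Host: 192.0.2.10 ()\tPorts: 22/open/tcp//ssh///, 25/open/tcp//smtp///, 6667/open/tcp//irc///\n"
    "Host: 192.0.2.11 ()\tPorts: 22/open/tcp//ssh///, 80/closed/tcp//http///\n"
    "Host: 192.0.2.12 ()\tStatus: Up\n"
    "Host: 192.0.2.12 ()\tPorts: 23/open/tcp//telnet///\tIgnored State: closed (999)\n"
)

PORT_RE = re.compile(r"(\d+)/open/(\w+)/")  # only ports in state "open"


def open_ports(grepable):
    """Return {host: {(port, proto), ...}} for every Host: line in a snapshot."""
    hosts = {}
    for line in grepable.splitlines():
        if not line.startswith("Host: "):
            continue  # skip nmap's "#" comment lines
        fields = line.split("\t")
        ports = hosts.setdefault(fields[0].split()[1], set())
        for field in fields[1:]:
            if field.startswith("Ports: "):
                ports.update((int(n), proto) for n, proto in PORT_RE.findall(field))
    return hosts


def changes(old_text, new_text):
    """List what differs between two snapshots, one line per finding."""
    old, new = open_ports(old_text), open_ports(new_text)
    report = []
    for host in sorted(set(old) | set(new)):
        if host not in old:
            report.append(f"{host}: new host")
        elif host not in new:
            report.append(f"{host}: host no longer seen")
        before, after = old.get(host, set()), new.get(host, set())
        report += [f"{host}: newly open {n}/{p}" for n, p in sorted(after - before)]
        report += [f"{host}: no longer open {n}/{p}" for n, p in sorted(before - after)]
    return report


if __name__ == "__main__":
    # cron mails a job's output to its owner by default, so print only on change.
    report = changes(BASELINE, LATEST)
    if report:
        print("\n".join(report))
```
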