David,

If you find Tripwire a bit much to install, you might look at Snort (from freshmeat); it's a little less of a hassle to install and is on par with the free version of TripWire.

James

On Sat, 27 Jul 2002 16:52:00 -0700 (PDT) "David Guntner" <[EMAIL PROTECTED]> wrote:

> David Oberbeck grabbed a keyboard and wrote:
> >
> > On Saturday 27 July 2002 14:18, David Guntner Wrote Thusly:
> >>
> >> Any other thoughts on the subject? Or is it just time to
> >> "push the button, Max?" (Probably no one will get the joke,
> >> but I'm sure you understand the meaning... :)
> >
> > Up Max, UUUUUUpppppp Max!
> > - Professor Fate, The Great Race
>
> LOL! I really didn't figure that anyone here would get that.
> :-)
>
> > But seriously, do you have tripwire running on a fixed
> > medium (e.g. the Tripwire database on a CD-ROM)? Do you
> > have tripwire running at all?
>
> No, I don't. Tell me about Tripwire. What is it, how does it
> work, where can I get it? Oh yea, and will it help keep me from
> having to wipe and reinstall again in the future? :-)
>
> > Are other, "softer" systems (e.g. Windows running LookOut)
> > connected to the suspect box with trusted access (this might
> > be a way for someone to get in).
>
> There's a Windows 98SE computer on the same network (I'm behind
> a DSL broadband router, and both machines are connected via a
> switch). However, I don't think there's any "trusted" access
> going on there. I don't even have Samba running on the Linux
> box, although I do have my C: and D: drive mounted (type smbfs
> on the mount command) on the Linux box so that I can copy files
> easily from the Windows box to the Linux box when I'm logged in
> to the Linux box. Other than that, no direct contact is made
> between them.
>
> > Basically, the correct paranoid response is if you are not
> > sure, wipe it.
>
> Yea, that's what I was afraid of. I was just hoping that
> someone could give me another plausible reason why two entries
> would have been deleted from wtmp.
>
> My other response (at least for the time being) has been to
> configure the DSL router to no longer forward incoming
> connections on ports 20-22 to the Linux box, to cut off access
> to services that let you log in. And I've moved the ssh port to
> another non-standard port (and configured the sshd config file
> to listen on that port, of course) so that I can still log in
> remotely if needed. I'll probably leave it like that after the
> dust has settled from this as well....
>
> > While this level of paranoia is not for everybody, it works
> > for me.
>
> Unfortunately, I'm paranoid enough about this kind of thing to
> realize that it's needed. I just hate the time it takes to do
> it.... :-/
>
> > Good luck with this.
> >
> > HTH,
> > DGO
>
> Thanks. And do fill me in on Tripwire; you've got me curious.
>
> --Dave