Re: [CentOS] how to know when a system is compromised

2019-11-15 Thread Leroy Tennison
PM To: CentOS mailing list Subject: Re: [CentOS] how to know when a system is compromised Thanks - I'll keep that in mind... Harriscomputer Leroy Tennison Network Information/Cyber Security Specialist E: le...@datavoiceint.com

Re: [CentOS] how to know when a system is compromised

2019-11-14 Thread Phil Perry
On 14/11/2019 16:57, Valeri Galtsev wrote: On 2019-11-14 10:01, Christopher Wensink wrote: I have not, I'll look into that one, thanks! On 11/14/2019 9:48 AM, SternData wrote: Do you run rkhunter? On 11/14/19 9:40 AM, Christopher Wensink wrote: How do you know when a Linux system has been

Re: [CentOS] how to know when a system is compromised

2019-11-14 Thread Leroy Tennison
Thanks - I'll keep that in mind... From: CentOS on behalf of Chris Adams Sent: Thursday, November 14, 2019 10:57 AM To: centos@centos.org Subject: [EXTERNAL] Re: [CentOS] how to know when a system is compromised Once upon a time, Leroy Tennison said:

Re: [CentOS] how to know when a system is compromised

2019-11-14 Thread Chris Adams
Once upon a time, Leroy Tennison said:
> The executable could be placed on mounted read-only media

That's not as secure as you think. Linux bind mounts can mount a file over another file (plus there's overlay filesystems), so it's possible to replace a binary even on a read-only device. -- Ch

Re: [CentOS] how to know when a system is compromised

2019-11-14 Thread Valeri Galtsev
On 2019-11-14 10:01, Christopher Wensink wrote: I have not, I'll look into that one, thanks! On 11/14/2019 9:48 AM, SternData wrote: Do you run rkhunter? On 11/14/19 9:40 AM, Christopher Wensink wrote: How do you know when a Linux system has been compromised? I'm sure you have followed t

[CentOS] how to know when a system is compromised

2019-11-14 Thread Leroy Tennison
14, 2019 9:40 AM To: CentOS mailing list Subject: [EXTERNAL] [CentOS] how to know when a system is compromised How do you know when a Linux system has been compromised? Every day I watch our systems with all the typical tools, ps, top, who, I watch firewall / IPS logs, I have logwatch setup and maili

Re: [CentOS] how to know when a system is compromised

2019-11-14 Thread Christopher Wensink
I have not, I'll look into that one, thanks!

On 11/14/2019 9:48 AM, SternData wrote:
> Do you run rkhunter?
>
> On 11/14/19 9:40 AM, Christopher Wensink wrote:
>> How do you know when a Linux system has been compromised?
>>
>> Every day I watch our systems with all the typical tools, ps, top, who

Re: [CentOS] how to know when a system is compromised

2019-11-14 Thread SternData
Do you run rkhunter?

On 11/14/19 9:40 AM, Christopher Wensink wrote:
> How do you know when a Linux system has been compromised?
>
> Every day I watch our systems with all the typical tools, ps, top, who,
> I watch firewall / IPS logs, I have logwatch setup and mailing daily
> summaries to me an

[CentOS] how to know when a system is compromised

2019-11-14 Thread Christopher Wensink
How do you know when a Linux system has been compromised?

Every day I watch our systems with all the typical tools, ps, top, who, I watch firewall / IPS logs, I have logwatch setup and mailing daily summaries to me and I dive deeper into logs if something looks suspicious. What am I missing or n