On Feb 18, 2012 10:41 PM, "Al" mailinglist@theflux.net wrote:
On Feb 18, 2012, at 9:34 PM, Les Bell wrote:
Al mailinglist@theflux.net wrote:
Any suggestions on what to run on a centos box to verify that the server isn't compromised or being sniffed? Thanks! <<
For "isn't compromised", you need a host integrity verification system like Tripwire or AIDE (which is in the base repo). Expect to have to tweak the config to cover the stuff you've got installed.
You can detect sniffing by checking for promiscuous interfaces on the LAN - use proDETECT (http://sourceforge.net/projects/prodetect/) or a similar tool for this purpose.
Alternatively, if you have the time and resources, you could run a full-blown network intrusion detection system like Snort (http://www.snort.org).
Best,
--- Les Bell [http://www.lesbell.com.au] Tel: +61 2 9451 1144
Les,
Thanks for the suggestion, I will run through all the methods stated to me...
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
I use OSSEC on all my production systems. Can be configured to block hosts who trigger known attack patterns.
- Trey