On Sun, May 19, 2013 at 9:29 PM, Philipp Duffner philipp@phphaus.com wrote:
> I think I really hit a snag with this one - I have no idea where to go forward from here. I'd appreciate any ideas.
I use aide (akin to tripwire) to keep a file signature db. The online db file is immutable, but I also keep a copy of it offline (along with its sha1sum).
Run aide (the static binary) against the db file to detect changes (if any).
Also, rpm -qa --verify will list files whose MD5 sums have changed, though this is not a foolproof method.
You may also look at fail2ban, mod_evasive, mod_security (EPEL repo).
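
The database check described in the reply above (online db compared against the offline copy and its recorded sha1sum before aide is trusted), as an added example that is not part of the original thread. The file paths are arguments, and the function name and exit codes are this example's own conventions.

```shell
#!/bin/sh
# Added example: confirm the on-host AIDE database still matches the offline
# copy and the checksum stored with it, before relying on an aide run.

# Print the SHA-1 of a file (hex digest only).
file_sha1() {
    sha1sum < "$1" | awk '{print $1}'
}

# verify_aide_db ONLINE_DB OFFLINE_DB OFFLINE_SUMFILE
# Exit status (this example's convention):
#   0  online db, offline copy and recorded checksum all agree
#   2  one of the files is missing or unreadable
#   3  offline copy does not match its recorded checksum (offline medium suspect)
#   4  online db differs from the offline copy (db changed on the host)
verify_aide_db() {
    vad_online=$1
    vad_offline=$2
    vad_sumfile=$3
    for vad_f in "$vad_online" "$vad_offline" "$vad_sumfile"; do
        [ -r "$vad_f" ] || { echo "missing or unreadable: $vad_f" >&2; return 2; }
    done
    # The sum file is in sha1sum output format: "<hex>  <name>". Only the hex
    # field is used, so the stored file name does not need to match.
    vad_recorded=$(awk 'NR==1 {print tolower($1)}' "$vad_sumfile")
    vad_off_sum=$(file_sha1 "$vad_offline")
    vad_on_sum=$(file_sha1 "$vad_online")
    if [ "$vad_off_sum" != "$vad_recorded" ]; then
        echo "offline copy does not match its recorded sha1" >&2
        return 3
    fi
    if [ "$vad_on_sum" != "$vad_recorded" ]; then
        echo "online db differs from the offline copy" >&2
        return 4
    fi
    return 0
}

# Usage (paths are placeholders):
#   verify_aide_db /path/to/online.db /mnt/offline/aide.db /mnt/offline/aide.db.sha1 \
#       && echo "db intact; run the static aide binary against it"
```

Status 3 and status 4 point at different problems: 3 means the offline reference itself can no longer be trusted, while 4 means the database on the host was altered despite the immutable flag.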