My 2 cents: OSSEC is quite good at actively blocking attackers in situations like this.
2011/5/8 Jason Pyeron jpyeron@pdinc.us
-----Original Message-----
From: centos-bounces@centos.org [mailto:centos-bounces@centos.org] On Behalf Of Jason
Sent: Sunday, May 08, 2011 15:02
To: CentOS mailing list
Subject: Re: [CentOS] Am I being to paranoid?
Hi Russ,
- Is there a better way to write these rules?
I wrote about my approach some time ago ...
http://orcorc.blogspot.com/2010/06/reading-logs-part-3-run-your-updates.html
Send them safely off your box, and back home
I read your article and it seems we are doing the same thing? Is there a benefit I don't understand to use your approach versus the one I am using already?
The point you missed was that he packaged the conf file as an RPM and then added it to his local yum repo, so all his machines would get it during the update cycle.
Is it true that you can do (.*) to handle easier matching?
Say phpmyadmin, phpadmin, php-myadmin
Could I do something like: RewriteCond %{REQUEST_URI} ^/php(.*) [NC,OR] and that would handle all of them?
-Jason
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
--
-
- Jason Pyeron PD Inc. http://www.pdinc.us -
- Principal Consultant 10 West 24th Street #100 -
- +1 (443) 269-1555 x333 Baltimore, Maryland 21218 -
-
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- This message is copyright PD Inc, subject to license 20080407P00.
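Added example, not part of the thread: a Python approximation of how the `RewriteCond %{REQUEST_URI} ^/php(.*) [NC,OR]` pattern from the question behaves, checked against constructed request paths. The `TIGHT` pattern and all sample paths are assumptions made for illustration; Python's `re` stands in for Apache's PCRE matching, which is equivalent for these simple patterns.

```python
import re

# Constructed request paths (not from the thread): the three scanner targets
# named in the question plus a mixed-case variant, and paths a site might serve.
PROBES = ["/phpmyadmin/", "/phpadmin/index.php",
          "/php-myadmin/scripts/setup.php", "/PHPMyAdmin/"]
LEGIT = ["/php/app/index.php", "/phpbb/viewtopic.php", "/php-manual/",
         "/index.php", "/blog/php-tips"]

BROAD = r"^/php(.*)"                          # pattern from the question
TIGHT = r"^/(php-?my-?admin|phpadmin)(/|$)"   # hypothetical tighter alternative


def matches(pattern, uri, nocase=True):
    """Approximate RewriteCond: unanchored regex search; [NC] = ignore case."""
    flags = re.IGNORECASE if nocase else 0
    return re.search(pattern, uri, flags) is not None


def evaluate(pattern):
    """Return (probes the pattern misses, legitimate paths it also catches)."""
    missed = [u for u in PROBES if not matches(pattern, u)]
    collateral = [u for u in LEGIT if matches(pattern, u)]
    return missed, collateral


def trailing_group_is_redundant():
    """(.*) can match the empty string, so ^/php(.*) accepts what ^/php does."""
    sample = PROBES + LEGIT
    return all(matches(BROAD, u) == matches(r"^/php", u) for u in sample)


if __name__ == "__main__":
    for name, pat in (("broad", BROAD), ("tight", TIGHT)):
        missed, collateral = evaluate(pat)
        print(f"{name:5} {pat!r}: missed={missed} collateral={collateral}")
    print("(.*) redundant:", trailing_group_is_redundant())
```

The broad pattern does cover all three names, but it also catches any other path that begins with `/php`, so it is only safe on a site that serves nothing under that prefix.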