On Feb 18, 2012 10:41 PM, "Al" <mailinglist at theflux.net> wrote:
>
> On Feb 18, 2012, at 9:34 PM, Les Bell wrote:
>
> > Al <mailinglist at theflux.net> wrote:
> >
> > >>
> > Any suggestions on what to run on a centos box to verify that the
> > server isn't compromised or being sniffed? Thanks!
> > <<
> >
> > For "isn't compromised", you need a host integrity verification
> > system like Tripwire or AIDE (which is in the base repo). Expect to
> > have to tweak the config to cover the stuff you've got installed.
> >
> > You can detect sniffing by checking for promiscuous interfaces on
> > the LAN - use proDETECT (http://sourceforge.net/projects/prodetect/)
> > or a similar tool for this purpose.
> >
> > Alternatively, if you have the time and resources, you could run a
> > full-blown network intrusion detection system like Snort
> > (http://www.snort.org).
> >
> > Best,
> >
> > --- Les Bell
> > [http://www.lesbell.com.au]
> > Tel: +61 2 9451 1144
>
> Les,
>
> Thanks for the suggestion, I will run through all the methods stated
> to me...
>
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos

I use OSSEC on all my production systems. Can be configured to block hosts who trigger known attack patterns.

- Trey
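
Added example (not part of any message in this thread): a host-side counterpart to the promiscuous-interface check Les Bell describes. It reads each interface's kernel flags from sysfs and reports those with the IFF_PROMISC bit (0x100) set; the function name promisc_ifaces and the --live switch are made up for this sketch.

```shell
#!/bin/sh
# Added example: list interfaces on THIS host whose kernel flags include
# IFF_PROMISC, read from <dir>/<iface>/flags as exposed under sysfs.

IFF_PROMISC=0x100   # value of IFF_PROMISC in <linux/if.h>

# promisc_ifaces [DIR]
#   DIR defaults to /sys/class/net. Passing another directory lets the
#   function be exercised against constructed data.
#   Prints one interface name per line.
#   Exit status: 0 if at least one promiscuous interface was found, 1 if none.
# The body is a subshell so its variables do not leak into the caller.
promisc_ifaces() (
    dir="${1:-/sys/class/net}"
    found=1
    for path in "$dir"/*/flags; do
        [ -r "$path" ] || continue        # no interfaces, or unreadable file
        name="$(basename "$(dirname "$path")")"
        flags="$(cat "$path")"
        # Accept only well-formed hex such as 0x1103; skip anything else.
        case "$flags" in
            0x|0x*[!0-9a-fA-F]*) continue ;;
            0x*) ;;
            *) continue ;;
        esac
        if [ $(( $flags & $IFF_PROMISC )) -ne 0 ]; then
            printf '%s\n' "$name"
            found=0
        fi
    done
    [ "$found" -eq 0 ]
)

# Check the live system only when invoked with --live.
if [ "${1:-}" = "--live" ]; then
    promisc_ifaces && echo "WARNING: interface(s) listed above are promiscuous"
fi
```

This only inspects the host it runs on; finding a sniffer elsewhere on the LAN still needs a network-side tool such as the one named in the thread.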