[CentOS] security breach - ftp?

Tue May 21 06:02:50 UTC 2013
Arun Khan <knura9 at gmail.com>

On Sun, May 19, 2013 at 9:29 PM, Philipp Duffner <philipp at phphaus.com> wrote:
>
> I think I really hit a snag with this one - I have no idea where to go
> forward from here.
> I'd appreciate any ideas.
>

I use aide (akin to tripwire) to keep a file signature db. The online
db file is immutable but I also keep a copy of it offline (along with
sha1sum).

Run aide (the static binary) against the db file to detect changes (if any).

Also, rpm -qa --verify will list files whose MD5 sums have changed, though
it is not a foolproof method.

You may also look at fail2ban, mod_evasive, mod_security (EPEL repo).

-- 
Arun Khan
Sent from my non-iphone/non-android device
(অরুণ খান্/अरुण खान)