intrusion detected

Serg Belokamen serg.belokamen at gmail.com
Mon Aug 8 02:41:54 UTC 2005


>  1. What is the Ubuntu equivalent of rpm -Va (as in the command rpm -Va >
> /tmp/rpmVa.log) when I seek to find out what/if any changes have been made?
> I am fairly certain no intrusion has occurred, but want to check.
Not sure.
A good way of doing this, though, would be to generate an MD5 sum of every
pkg and then regularly scan and see if the sums match. Obviously, keep
that original file safe (not on the same machine).

>  2. What tools would you recommend for hardening a Ubuntu box? 
Bastille Linux, manual checks, use some common auditing tools to see
yourself from outside and manual tuning, ... tripwire, snort,
iptables, regular nmap scans via a script with emailed output, there
are 1000s

>  3. Can these tools be automated to produce a regular report of intrusion
> attempts?
Refer to the above.

I think it might be a good choice for you to subscribe to a few
securityfocus.net mailing lists... They are great and will address
this issue in much more detail. There is also a security basics
mailing list that you might take a particular interest in.

Also check out the security application list on insecure.org. It will also
point you in the right direction.
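
The checksum baseline suggested in the reply to question 1, as an added example that is not part of the original post: it records a hash for every file under a directory, then re-scans and reports changed, missing and new files. The function names and the paths in the usage comment are assumptions, and the script expects the coreutils `md5sum` (or `sha256sum`) found on Ubuntu.

```shell
#!/bin/sh
# Added example: file-hash baseline and re-scan. Function names are hypothetical.
# The post suggests MD5; sha256sum writes the same manifest format and can be
# swapped in with HASH=sha256sum.
HASH="${HASH:-md5sum}"

# make_baseline DIR MANIFEST
# Hash every regular file under DIR (staying on one filesystem) into MANIFEST.
# Store MANIFEST off the machine: whoever can rewrite it can hide a change.
make_baseline() {
    ( cd "$1" && find . -xdev -type f -exec "$HASH" {} + ) > "$2"
}

# check_baseline DIR MANIFEST
# Prints one line per finding (CHANGED, MISSING or NEW plus the path).
# Returns 0 when DIR still matches MANIFEST, 1 otherwise.
# Paths containing newlines or backslashes are escaped by md5sum and are not
# handled here.
check_baseline() {
    dir=$1; manifest=$2
    report=$(
        # Re-hash every file named in the manifest and keep only the failures.
        ( cd "$dir" && LC_ALL=C "$HASH" -c - 2>/dev/null ) < "$manifest" |
            sed -n -e 's/^\(.*\): FAILED open or read$/MISSING \1/p' \
                   -e 's/^\(.*\): FAILED$/CHANGED \1/p'
        # Files on disk that the manifest does not list.
        ( cd "$dir" && find . -xdev -type f ) |
            awk 'NR == FNR { sub(/^[^ ]+  /, ""); known[$0] = 1; next }
                 !($0 in known) { print "NEW " $0 }' "$manifest" -
    )
    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}

# Usage (constructed paths):
#   make_baseline  /usr/bin /mnt/usb/usr-bin.md5     # once, on a known-good system
#   check_baseline /usr/bin /mnt/usb/usr-bin.md5     # later, e.g. from cron
```

On Debian-family systems the `debsums` tool performs the per-package form of this check against the md5sums files that dpkg installs.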




More information about the ubuntu-users mailing list