OT: Linux tip
Bill Campbell
bill at celestial.com
Thu Oct 18 14:29:04 PDT 2007
On Thu, Oct 18, 2007, Fairlight wrote:
>Four score and seven years--eh, screw that!
>At about Thu, Oct 18, 2007 at 01:58:37PM -0700,
>Bill Campbell blabbed on about:
>> It could very easily be modified to do the scanning by reading
>> the directory entries, which is what I do with most of the python
>> scripts I'm writing now. It currently depends on the ``file''
>> command, but I think there's a perl module for that as well.
>
>I have a perl recursive traversal routine that is part of flpaa. It
>handles symlinks properly as well. Wrote my own, no module.
>
>> Fairlight mentioned grepping for LISTEN, but I've often found that the IRC
>> bots aren't listening for general connections. They make connections back
>> to a master controller, then are run from that machine.
>
>IRC bots won't listen, they'll be connected to the server. What I check
>LISTEN for are custom ssh/telnet/other daemons that may have set up shoppe.
>In some cases, whole irc servers have been secretly installed. Or an
>employee decided the production machine was a good place for a MUD.
>*eyeroll*

IMHO, the keys to keeping *nix systems secured are:

1. Security must be an ingrained policy, supported from the highest
   levels of a company, not a tacked-on afterthought.
2. Intrusion detection software that keeps track of all the critical
   attributes of critical files on the system including mode, ownership,
   and md5 and sha1 digests of the files.
3. Log watching routines such as swatch or fail2ban that notify of
   intrusion attempts.
4. Allow remote access only via secure shell with authorized keys, never
   with password authentication.
5. Use tcp_wrappers with RBL support to protect all services allowed.

Bill
--
INTERNET: bill at celestial.com Bill Campbell; Celestial Software LLC
URL: http://www.celestial.com/ PO Box 820; 6641 E. Mercer Way
FAX: (206) 232-9186 Mercer Island, WA 98040-0820; (206) 236-1676
Never blame a legislative body for not doing something. When they do
nothing, that don't hurt anybody. When they do something is when they
become dangerous. Will Rogers
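
Added example, not part of the original post and not code from any tool it names: the check described in item 2, written in Python, recording mode, ownership and md5/sha1 digests for a list of files and reporting every field that later differs. The function names and the temporary sshd_config stand-in file are assumptions made for the illustration.

```python
import hashlib
import os
import stat
import tempfile

def snapshot(path):
    """Record mode, ownership and md5/sha1 digests for one file."""
    st = os.lstat(path)  # lstat: describe a symlink itself, not its target
    rec = {"mode": stat.S_IMODE(st.st_mode), "uid": st.st_uid, "gid": st.st_gid}
    if stat.S_ISREG(st.st_mode):
        md5, sha1 = hashlib.md5(), hashlib.sha1()
        with open(path, "rb") as fh:
            for chunk in iter(lambda: fh.read(65536), b""):
                md5.update(chunk)
                sha1.update(chunk)
        rec["md5"], rec["sha1"] = md5.hexdigest(), sha1.hexdigest()
    return rec

def baseline(paths):
    """Build the reference database; keep it where an intruder cannot rewrite it."""
    return {p: snapshot(p) for p in paths}

def compare(base):
    """Return (path, field, old, new) for every attribute that differs."""
    findings = []
    for path, old in sorted(base.items()):
        try:
            new = snapshot(path)
        except FileNotFoundError:
            findings.append((path, "missing", old, None))
            continue
        for field in sorted(set(old) | set(new)):
            if old.get(field) != new.get(field):
                findings.append((path, field, old.get(field), new.get(field)))
    return findings

def demo():
    """Constructed sample: baseline a temp file, alter it, list changed fields."""
    with tempfile.TemporaryDirectory() as d:
        target = os.path.join(d, "sshd_config")  # constructed stand-in file
        with open(target, "w") as fh:
            fh.write("PasswordAuthentication no\n")
        os.chmod(target, 0o600)
        base = baseline([target])
        clean = compare(base)
        with open(target, "a") as fh:
            fh.write("PasswordAuthentication yes\n")
        os.chmod(target, 0o644)
        return clean, {field for _, field, _, _ in compare(base)}
```

Calling demo() returns an empty finding list for the untouched file, then the set of fields that changed after the file was appended to and its mode loosened.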