TCLUG Archive

RE: [TCLUG:5793] security (some pre-coffee thoughts)...



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Sometime around the 4th of May in 1999, a certain Eric Hillman said:

: 	Read up on /etc/hosts.deny -- you can set it up to trigger scripts which
: can notify you of attack attempts, lock out intruders permanently via
: ipfwadm, or any number of responses.  (If you'd like, I have a script here
: written by Tom Cross which works quite nicely.)  Also, it might be a good
: idea to browse your logfiles on a regular basis to look for any suspicious
: goings-on.  (Even better would be to write a perl or shell script that does
: the browsing for you.)  Not only will you have a better idea what's going on
: with your machine on a daily basis, but if some script kiddie does make an
: attempt on your box, you can have the satisfaction of tracking down the
: miscreant and getting his mom's AOL account cancelled.

There are packages that do both of these things; I run sentry
to do the actual port monitoring, having it raise firewall
rules when violations of rulesets are made, and logcheck, which
(with more rulesets) scans your system logs and mails you with
any potential bad things.

I can't recall where I found sentry, but I got logcheck from
sunsite.

- --
[----------------------------------------------------------------------]
| Joshua Becker                    - aka -                      JellyD |
| email: jellyd@jellyd.org                          IRC: EFnet, DALnet |
[----------------------------------------------------------------------]

-----BEGIN PGP SIGNATURE-----
Version: GNUPG v0.4.3 (GNU/Linux)
Comment: For info finger gcrypt@ftp.guug.de

iD8DBQE3LzgEcmkpI69BOLwRAsbjAJ9ZM63YYZruOYhYSBFexiPGodIBYQCfSlE3
sNkbkq4zuwUzUAakcNi6RGs=
=ydkV
-----END PGP SIGNATURE-----
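
An added example, not part of the original message and not the code of sentry, logcheck or the script mentioned above: a shell sketch of the ruleset-driven log scan discussed in the thread, which flags lines matching a "violations" list and then drops lines matching an "ignore" list. The file names, patterns, host addresses and log lines are all constructed assumptions.

```sh
#!/bin/sh
# Added example: ruleset-driven log scan. Every path, pattern and log line
# here is constructed for illustration.

# make_sample DIR: write a constructed syslog excerpt and two rulesets.
make_sample() {
cat > "$1/messages" <<'EOF'
May  4 06:12:01 box in.telnetd[412]: refused connect from 192.0.2.10
May  4 06:12:03 box in.ftpd[415]: refused connect from 192.0.2.10
May  4 06:15:40 box sshd[420]: Failed password for root from 198.51.100.7
May  4 06:20:00 box CROND[430]: (root) CMD (run-parts /etc/cron.hourly)
May  4 06:21:10 box in.fingerd[433]: refused connect from 10.0.0.5
May  4 06:30:00 box named[101]: Cleaned cache of 0 RRs
EOF
# Patterns worth a human's attention (extended regex, case-insensitive).
cat > "$1/violations" <<'EOF'
refused connect
failed password
EOF
# Known noise to suppress: an assumed internal monitoring host.
cat > "$1/ignore" <<'EOF'
from 10\.0\.0\.5$
EOF
}

# scan_log LOG VIOLATIONS IGNORE: print lines that match a violation
# pattern and no ignore pattern. Returns 0 even when nothing matches.
scan_log() {
    grep -E -i -f "$2" "$1" | grep -E -v -f "$3"
    return 0
}

# summarize_sources: read flagged lines on stdin, print "COUNT ADDRESS"
# per source address, busiest first.
summarize_sources() {
    sed -n 's/.* from \([0-9.]*\).*/\1/p' | sort | uniq -c | sort -rn |
        awk '{print $1, $2}'
}

# Demo run; a cron job would pipe this report to mail instead of stdout.
demo_dir=$(mktemp -d)
make_sample "$demo_dir"
scan_log "$demo_dir/messages" "$demo_dir/violations" "$demo_dir/ignore" |
    summarize_sources
rm -rf "$demo_dir"
```

Keeping the ignore list narrow matters: an unanchored ignore pattern can silently hide the very lines the violations list was meant to surface.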