Category archive: Linux

Finding compromised packages with RPM

Verify operating system installed files in an RPM-based distribution. So you’ve had a compromise and need to figure out which files (if any) were modified by the intruder, but you didn’t install Tripwire? Well, all is not lost if your …

Published in Knowledge Base, Linux, Old Base

Verify file integrity and find compromised files

Use Tripwire to alert you to compromised files or verify file integrity in the event of a compromise. One tool that can help you detect intrusions on a host and also ascertain what happened after the fact is Tripwire (http://sourceforge.net/projects/tripwire). …

Published in Knowledge Base, Linux, Old Base

Forensics: Create an image of the entire hard disk

Make a bit-for-bit copy of your system’s disk for forensic analysis. Before you format and reinstall the operating system on a recently compromised machine, you should take the time to make duplicates of all the data stored on the system. …

Published in Knowledge Base, Linux, Old Base

Optimizing Snort for high performance / Database

Decouple Snort’s output stage so it can keep pace with the packets. Snort by itself is fine for monitoring small networks or networks with low amounts of traffic, but it does not scale very well without some additional help. The …

Published in Knowledge Base, Linux, Networking, Old Base

Stealthing the sensors

Keep your IDS sensors safe from attack, while still giving yourself access to their data. Your IDS sensors are the early warning system that can both alert you to an attack and provide needed evidence for investigating a break-in after …

Published in Knowledge Base, Linux, Networking, Old Base

Automated Snort rule updating

Keep your Snort rules up-to-date with Oinkmaster. If you have only a handful of IDS sensors, keeping your Snort rules up-to-date is a fairly quick and easy process. However, as the number of sensors grows it can become more difficult. …

Published in Knowledge Base, Linux, Old Base

Dynamic firewall with SnortSam

Use SnortSam to prevent intrusions by putting dynamic firewall rules in place to stop in-progress attacks. An alternative to running Snort on your firewall and having it activate filtering rules on the machine it’s running on [Hack #87] is to …

Published in Knowledge Base, Linux, Networking, Old Base

Writing Snort rules

Customize Snort for your own needs quickly and easily by leveraging its flexible rule engine and language. One of the best features of Snort is its rule engine and language. Snort’s rule engine provides an extensive language that enables you …

Published in Knowledge Base, Linux, Networking, Old Base

Snort sensors

Use SnortCenter’s easy-to-use web interface to manage your NIDS sensors. Managing an IDS sensor and keeping track of the alerts it generates can be a daunting task, and even more so when you’re dealing with multiple sensors. One way to …

Published in Knowledge Base, Linux, Networking, Old Base

Forward and encrypt traffic with SSH

Keep network traffic to arbitrary ports secure with SSH port forwarding. In addition to providing remote shell access and command execution, OpenSSH can also forward arbitrary TCP ports to the other end of your connection. This can be extremely handy …

Published in Knowledge Base, Linux, Old Base, SSH