Auditing

- Once your system is set up, you need to periodically monitor activity to detect any intrusion.
- Use the syslog facility
  - Monitor syslog files
  - Configure /etc/syslog.conf to record the information you want to monitor
  - Set up a standalone computer to record syslog information
  - Create a hardcopy of critical information - a cracker can destroy files but usually not paper copies
- Use SWATCH to automatically monitor syslog files
- Use COPS or TIGER to scan for security problems
  - Run with crontab and email problems to the administrator
  - Checks permissions, devices, passwords, startup files, FTP security
- Use Tripwire to detect changes in files
  - Tripwire uses signatures to compare files for differences




CLUG Contact: Jeff Gilton (jeff@jsgis.com)
Web Page Contact: webmaster@clug.org