[TriLUG] Failed logins
jonc
jonc at nc.rr.com
Fri Sep 2 19:29:15 EDT 2005
On Fri, 2005-09-02 at 10:43, Alan Porter wrote:
> > I think my server's secure but that's what scares me :) How would I
> > know if someone did get access that wasn't supposed to? Any log files
> > I need to be monitoring?
>
> See chkrootkit. http://www.chkrootkit.org/
>
>
> Alan
>
I just wanted to put in yet another plug for running Mandrake with MSEC. Msec does a fantastic job of letting you know of *any* changes to any config files - or any new applications and ports that happen to open up on your local server.
I also use the DenyHosts python program (and have modded it to deny all
services from the compromised IP). These lame probes are almost always
script-kiddie attacks located on compromised PC's.
We should all get together at Lisa's InfoSeCon (Nov 1) and compare tin
foil hats.
Keep safe - Jon Carnes
More information about the TriLUG
mailing list