[TriLUG] Failed logins

jonc jonc at nc.rr.com
Fri Sep 2 19:29:15 EDT 2005


On Fri, 2005-09-02 at 10:43, Alan Porter wrote:
> > I think my server's secure but that's what scares me :) How would I
> > know if someone did get access that wasn't supposed to? Any log files
> > I need to be monitoring?
> 
> See chkrootkit.  http://www.chkrootkit.org/
> 
> 
> Alan
> 
I just wanted to put in yet another plug for running Mandrake with MSEC. Msec does a fantastic job of letting you know of *any* changes to any config files - or any new applications and ports that happen to open up on your local server.

I also use the DenyHosts python program (and have modded it to deny all
services from the compromised IP).  These lame probes are almost always
script-kiddie attacks located on compromised PC's.

We should all get together at Lisa's InfoSeCon (Nov 1) and compare tin
foil hats.

Keep safe - Jon Carnes





More information about the TriLUG mailing list