Quote:
I periodically check through /var/log/messages
which others should I be paying special attention to?
CoyoteX wrote:
won't work. ever heard of logcleaners? check packetstorm for them. if your system is compromised, you won't even notice if the cracker is good. let's look at vanish (a log cleaner) pretty fast: "Vanish is a log wiper that cleans WTMP, UTMP, lastlog, messages, secure, xferlog, maillog, warn, mail, httpd.access_log, and httpd.error_log." pretty much every logfile there is. here's some advice:
- get a router
- use a *BSD, OpenBSD i guess is pretty secure
- check freshmeat for new security software, can help you a lot
that's it.
paranoid wrote:
Can someone suggest what I should be looking for to secure my Mandrake machine to a reasonable standard:
<snip!> I'm more concerned with where I should be looking for possible security breaches and general administration. <snip!> Also where do I put IP restrictions on incoming SSH. I know this can be done through a firewall but I'm sure it can be done via configuration files or similar to /etc/hosts.allow
Code:
"The Linux Intrusion Detection System (LIDS) is a patch which enhances the kernel's security by implementing a reference monitor and Mandatory Access Control (MAC). When it is in effect, chosen file access, all system/network administration operations, any capability use, raw device, memory, and I/O access can be made impossible even for root. You can define which programs can access specific files. It uses and extends the system capabilities bounding set to control the whole system and adds some network and filesystem security features to the kernel to enhance the security. You can finely tune the security protections online, hide sensitive processes, receive security alerts through the network, and more."
paranoid wrote:
I believe you should be able to do this by removing the "sshd: ALL" entry from the /etc/hosts.allow file if it is there and adding the appropriate information, e.g. "sshd: x.x.x.x", where x.x.x.x is the IP address of the host you wish to allow.
Giro wrote:
Would you not notice your log files missing a day?
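
A check for the kind of gap the last post asks about, as an added example that is not part of the original thread: it scans a log in the traditional syslog timestamp format used by /var/log/messages and reports silent periods and timestamps that run backwards. The function names, the 12-hour threshold, the assumed year and the sample lines are all constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample in the traditional syslog format (no year in the timestamp).
SAMPLE = """\
Mar  1 23:58:40 box syslogd 1.4.1: restart.
Mar  2 00:10:02 box sshd[812]: Accepted password for admin from 192.0.2.10
Mar  2 06:25:01 box crond[901]: (root) CMD (run-parts /etc/cron.daily)
Mar  4 03:12:55 box kernel: eth0: link up
Mar  4 03:40:09 box sshd[1440]: Accepted password for admin from 192.0.2.10
Mar  4 03:15:00 box su: session opened for user root
"""

def parse_ts(line, year):
    """Return the timestamp at the start of a syslog line, or None if absent."""
    try:
        return datetime.strptime(f"{year} {line[:15]}", "%Y %b %d %H:%M:%S")
    except ValueError:
        return None

def find_anomalies(lines, max_gap=timedelta(hours=12), year=2024):
    """Return (kind, previous_ts, current_ts) tuples for gaps and reversals."""
    anomalies, prev = [], None
    for line in lines:
        ts = parse_ts(line, year)
        if ts is None:
            continue  # continuation line or unrecognised format
        # Dec -> Jan: the format carries no year, so roll it over ourselves.
        if prev and prev - ts > timedelta(days=300):
            year += 1
            ts = parse_ts(line, year)
        if prev and ts < prev:
            # Out-of-order entry: clock change or an edited file.
            anomalies.append(("backwards", prev, ts))
            continue
        if prev and ts - prev > max_gap:
            anomalies.append(("gap", prev, ts))
        prev = ts
    return anomalies

if __name__ == "__main__":
    for kind, before, after in find_anomalies(SAMPLE.splitlines()):
        print(f"{kind}: {before} -> {after}")
```

A gap check only reveals removal of a whole time span; selectively deleted lines leave no gap, and a quiet host can produce long gaps on its own.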