
Running Logwatch in a more portable way

Posted 04-28-2012 at 04:16 AM by unSpawn
Tags logwatch

In the Linux Security forum we often ask victims of (perceived) security breaches to gather log files and parse them for leads using Logwatch. Analysis is best done on a physically separate, known secure machine in a safe network. If left unmodified, Logwatch's configuration defaults will result in it picking up the machine's own logs instead of the compromised machine's logs. Here is a patch that will install Logwatch in a temporary directory and prepare it for receiving log files...

rpmlib(PayloadIsXz) is needed by opera-11.60-1185

Posted 12-10-2011 at 05:49 AM by unSpawn

Running rpm_check_debug
ERROR with rpm_check_debug vs depsolve:
rpmlib(PayloadIsXz) is needed by opera-11.60-1185
(1, [u'Please report this error in'])
If you run into the above warning and are unable to get Opera installed, then you should be aware of how Opera responded:
this is not a change in policy, just

Iptables rule traversal: bandwidth at >= 10K of IP addresses

Posted 11-24-2011 at 08:07 PM by unSpawn
Updated 11-24-2011 at 02:53 PM by unSpawn

Anyone who is interested in iptables performance will find Harris, Melara, Smith and Nico's "Performance analysis of the Linux firewall in a host" (2002) and Kadlecsik and Pásztor's "Netfilter Performance Testing" (2005). But what actually is the effect of a large rule set on performance?

The attached PDF I created is not an exhaustive study of Netfilter performance but shows you Jperf data and pictures (joy!) for plain rule sets, ipset (iphash) and the iptables...
Attachment: Iptables rule traversal.pdf (551.9 KB)

Traffic and Process Id correlation with audit and ULOG on IA-32 Centos-5.7

Posted 11-20-2011 at 08:24 AM by unSpawn

# ...being basically a clarification of dump all packets and list them according to the processes that either sent or received them and what command could display current running processes relating to eth0 so I can refer back to this when needed.

The question: generate an audit trail that includes captured traffic and process information.
The problem: when capturing packets no process information is stored.
Solution: correlation provides the "glue" between...

Rootkit Hunter alternative for suspscan

Posted 07-25-2011 at 06:16 PM by unSpawn

I've been mulling (yes, mulling) replacements for RKH's suspscan for a while now. Suspscan was an experiment to see if there could be a more generic, less name-based way of finding malware. The resultant monstrosity is resource-intensive, impossible to configure and rarely used. Researching something else (as usual) I came across this rather good presentation (PDF) about creating one's own AV signatures: Writing ClamAV Signatures, and not long after that I found R-fx Networks' Linux Malware Detect....