LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Blogs
User Name
Password

Notices


Old
Rating: 2 votes, 5.00 average.

Logwatch, webserver logs, PHP malarky

Posted 10-03-2009 at 04:52 AM by unSpawn
Updated 04-01-2012 at 04:18 PM by unSpawn (//Enhanced logwatch/scripts/services/http diff, added Snort ET SID 2010920 rule and fail2ban regex example, fixed commas (thanks leslie_jones).)
Tags logwatch, patch, php

As I'm seeing more questions about (badly coded) web applications spawning rogue processes I wonder why people don't read their logs. Attacks require reconnaissance so keeping an eye on anything that looks like a prelude enables you to take measures. And please spend time updating when updates are released, installing apps properly (like not leaving the installation files around when docs remind you not to), hardening (any IDS, mod_security, Gotroot rulesets, mod_evasive or equivalent, PHPIDS, Suhosin,...
Moderator
Posted in Uncategorized
Views 4547 Comments 0 unSpawn is offline
Old

Rootkit Hunter 1.3.5-dev progress

Posted 08-05-2009 at 09:47 AM by unSpawn
Updated 08-05-2009 at 09:49 AM by unSpawn

Take a peak at RKH's SF CVS stats and you will see that activity picked up again. Currently the RKH 1.3.5(-dev) Changelog (rev1.119) lists 16 bugfixes, 13 new items, 14 changes and counting.

It was a bit sad to notice some of the existing signatures were incomplete though. And while everyone knows breaches of security "the old school rootkit way" have dropped to nil, RKH aims to be complete. So I'll be replaying rootkit installs again and working on improving rootkit checks...
Moderator
Posted in Uncategorized
Views 1471 Comments 0 unSpawn is offline
Old

Eiciel .spec

Posted 07-09-2009 at 06:46 AM by unSpawn

Eiciel allows you to visually edit file ACL entries. You can add and remove users and groups who will be granted permissions through the graphical interface. Eiciel can be used as stand-alone application and as Nautilus extension.

ACL: http://bestbits.at
Eiciel: http://rofi.roger-ferrer.org/eiciel/
Also-see: http://www.cs.bham.ac.uk/~nrs/jfacl/ (Java-based UI)

I didn't see no package but I know it is in Fedora-extras, I just didn't want to rebuild it....
Moderator
Posted in Uncategorized
Views 2008 Comments 0 unSpawn is offline
Old

Torsocks .spec

Posted 07-03-2009 at 05:07 AM by unSpawn

Torsocks: http://code.google.com/p/torsocks/

Code:
# No debuginfo:
%define debug_packages	%{nil}
%define debug_package %{nil}
#
%define name torsocks
%define ver 1.0
%define rel 1
%define buildver %{ver}-gamma
#
# Configuration switches for rebuilding (1=yes 0=no).
# Force dns lookups to use tcp? (config switch --enable-socksdns)
%define enablesocksdns 0
%{?build_enablesocksdns:%define enablesocksdns
...
Moderator
Posted in Uncategorized
Views 1995 Comments 0 unSpawn is offline
Old

Non-authoritative scan results of BitDefender, ClamAV and F-prot

Posted 07-01-2009 at 07:35 PM by unSpawn
Tags antivirus

Like before here's some results of running BitDefender, ClamAV and F-prot on over 11K of files containing Rootkits, LKM's and other goodies. Because of what I do most of the files are GNU/Linux related. (I run AV like a pentester would run metasploit against a networked entity.) I'm well aware of the AV-on-GNU/Linux-yes-or-no debate and this is not the place to go into that: search LQ or open up a thread if you need to discuss validity.

The commercial AV market is kind of an odd...
Moderator
Posted in Uncategorized
Views 2546 Comments 0 unSpawn is offline

  



All times are GMT -5. The time now is 11:47 PM.

Main Menu
Advertisement
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration