Noway2 |
03-15-2013 12:50 PM |
Generally speaking, the best defense against all kinds of intrusion, including rootkits, is to adopt a policy and practice that is conducive to good security. The number one thing that you can do is monitor your log files. To make the process easier, you can use a program like Logwatch but it is still a good idea to understand and evaluate your logs. Another good idea is to use a HIDS program like Aide, Tripwire, or even a system like Samhain that is designed to alert you whenever something changes on your computer. You also need to make sure your vulnerability exposure is controlled and know what it is. Part of this is keeping your system up to date and adopting sensible settings on any server processes. If you follow these approaches, your ability to detect rootkits and other intrusions will be high and your likelihood of contracting them will be low.
|