Posted 10-03-2009 at 04:52 AM by unSpawn. Updated 04-01-2012 at 04:18 PM by unSpawn (Enhanced logwatch/scripts/services/http diff, added Snort ET SID 2010920 rule and fail2ban regex example, fixed commas (thanks leslie_jones).)
As I'm seeing more questions about (badly coded) web applications spawning rogue processes, I wonder why people don't read their logs. Attacks require reconnaissance, so keeping an eye on anything that looks like a prelude enables you to take measures. And please spend time updating when updates are released, installing apps properly (like not leaving the installation files around when docs remind you not to), hardening (any IDS, mod_security, Gotroot rulesets, mod_evasive or equivalent, PHPIDS, Suhosin,...
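As an added illustration of the "read your logs for the prelude" point (this is example code written for this page, not unSpawn's logwatch diff, Snort rule or fail2ban regex), here is a small Python scanner over Apache combined-format access log lines. The log lines, the probe paths, the scanner user-agent names and the 404 threshold are all constructed for the example; a real deployment would tune them to the site and feed the flagged IPs to something like fail2ban or mod_evasive.

```python
import re
from collections import defaultdict

# Constructed sample lines in Apache "combined" format (not real traffic).
# They mix one ordinary visitor with two hosts doing typical pre-attack
# reconnaissance: probing for admin panels and leftover installer scripts,
# directory traversal, and a well-known scanner user-agent.
SAMPLE_LOG = """\
203.0.113.7 - - [03/Oct/2009:04:50:01 +0000] "GET /index.php HTTP/1.1" 200 5123 "-" "Mozilla/5.0"
198.51.100.9 - - [03/Oct/2009:04:50:02 +0000] "GET /phpmyadmin/ HTTP/1.1" 404 221 "-" "Mozilla/5.0"
198.51.100.9 - - [03/Oct/2009:04:50:02 +0000] "GET /pma/ HTTP/1.1" 404 221 "-" "Mozilla/5.0"
198.51.100.9 - - [03/Oct/2009:04:50:03 +0000] "GET /admin/ HTTP/1.1" 404 221 "-" "Mozilla/5.0"
198.51.100.9 - - [03/Oct/2009:04:50:03 +0000] "GET /install.php HTTP/1.1" 200 812 "-" "Mozilla/5.0"
192.0.2.44 - - [03/Oct/2009:04:51:10 +0000] "GET /cgi-bin/test.cgi HTTP/1.0" 404 209 "-" "ZmEu"
192.0.2.44 - - [03/Oct/2009:04:51:11 +0000] "GET /../../../etc/passwd HTTP/1.0" 400 226 "-" "ZmEu"
"""

# Apache combined log format: ip ident user [time] "req" status size "ref" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Recon signatures (assumed/illustrative; extend per site).
INSTALLER_OR_ADMIN = re.compile(r'/(install|setup|upgrade)\.php$|/(phpmyadmin|pma|admin)/?$', re.I)
TRAVERSAL = re.compile(r'(\.\./|%2e%2e%2f|/etc/passwd)', re.I)
SCANNER_UA = re.compile(r'(ZmEu|Nikto|sqlmap|w3af|Morfeus)', re.I)


def parse_line(line):
    """Parse one combined-format line into a dict, or None if malformed."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def classify(entry):
    """Return the list of recon tags that apply to one parsed entry."""
    tags = []
    if INSTALLER_OR_ADMIN.search(entry['path']):
        tags.append('installer-or-admin-probe')
    if TRAVERSAL.search(entry['path']):
        tags.append('path-traversal')
    if SCANNER_UA.search(entry['ua']):
        tags.append('scanner-user-agent')
    return tags


def analyse(log_text, not_found_threshold=3):
    """Scan log text; return (ip, tag, detail) tuples for every recon hit.

    Per-line signature hits come first, then one 'many-404s' hit per IP that
    produced at least not_found_threshold 404s (a crude but useful
    directory-brute-force indicator).
    """
    hits = []
    not_found = defaultdict(int)
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue  # skip malformed lines instead of aborting the whole scan
        if entry['status'] == '404':
            not_found[entry['ip']] += 1
        for tag in classify(entry):
            hits.append((entry['ip'], tag, entry['path']))
    for ip, count in not_found.items():
        if count >= not_found_threshold:
            hits.append((ip, 'many-404s', str(count)))
    return hits


def suspicious_ips(hits):
    """Distinct source IPs that triggered at least one recon tag."""
    return {ip for ip, _tag, _detail in hits}


if __name__ == '__main__':
    for ip, tag, detail in analyse(SAMPLE_LOG):
        print(f"{ip:15} {tag:26} {detail}")
    print("candidate block list:", sorted(suspicious_ips(analyse(SAMPLE_LOG))))
```

Run against the sample, the ordinary visitor (203.0.113.7) is never flagged, while both probing hosts end up on the candidate list; the installer probe that returned 200 is exactly the "installation files left around" case the post warns about and deserves a look even if nothing else fires.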
Take a peek at RKH's SF CVS stats and you will see that activity picked up again. Currently the RKH 1.3.5(-dev) Changelog (rev1.119) lists 16 bugfixes, 13 new items, 14 changes and counting.
It was a bit sad to notice some of the existing signatures were incomplete though. And while everyone knows breaches of security "the old school rootkit way" have dropped to nil, RKH aims to be complete. So I'll be replaying rootkit installs again and working on improving rootkit checks...
Eiciel allows you to visually edit file ACL entries. You can add and remove users and groups who will be granted permissions through the graphical interface. Eiciel can be used as a stand-alone application and as a Nautilus extension.
Like before, here are some results of running BitDefender, ClamAV and F-prot on over 11K files containing rootkits, LKMs and other goodies. Because of what I do, most of the files are GNU/Linux related. (I run AV like a pentester would run Metasploit against a networked entity.) I'm well aware of the AV-on-GNU/Linux-yes-or-no debate and this is not the place to go into that: search LQ or open up a thread if you need to discuss validity.