Enough prevention?
Hello, if anyone read my other post, I got rootkit'd. So I read the posts people left me about all the different packages that are out there to save me from this fate again. So here is what I have installed or am installing and configuring, and I want to know if I left any gaps.
-Firewall
Shorewall
-Kernel watching and protection
Bastille
Chkrootkit
-Logfile watcher
Tenshi
-Network intrusion detection
Snort
-File integrity checker
Aide
-Locking down configs
sshd (no root logins)
apache (lock down PHP). Would chrooting the htmlroot work, or would it just break apache?
tcp wrappers (Can snort create a list for me to deny?)
MySQL (created a strong root password passphrase, blocked in firewall, and disabled network options, works on localhost only)
Is there anything large that I missed? Is there anything else I can read about and learn, to see if it fits my system?
Thanks
Last edited by Super7; 07-18-2006 at 01:27 PM.