LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 06-14-2006, 09:58 AM   #1
the_nu_gurl
LQ Newbie
 
Registered: Jan 2006
Location: DC Baby!!!!
Posts: 6

Rep: Reputation: 0
Linux OS files Question


Hi,

I have a question about the linux OS, what system files should be monitored across the board? Currently, I am implementing Tripwire and I just want to start with the basics.

Thanks!
 
Old 06-14-2006, 11:02 AM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600
The first question should be what are you protecting and what other host hardening measures are taken?
An elaborate answer would involve looking at what the majority of rootkits "infect", but in short I'd say /lib, etc, /{sb,b}in, /usr/{sb,b}in,lib, /usr/lib would cover most of the "defaults" IMHO.


BTW, are you sure you want tripwire? It's stale, unsupported, badly licensed, unmaintained, cludgy while Aide (passive) and Samhain (active) are the opposite.
 
Old 06-14-2006, 11:44 AM   #3
the_nu_gurl
LQ Newbie
 
Registered: Jan 2006
Location: DC Baby!!!!
Posts: 6

Original Poster
Rep: Reputation: 0
Well that's what my company purchase..didn't have any input on that. The server has been hardened..Mostly we just want to know when and if someone is accessing critical systems files and such.

I guess I'll try a search on what toolkits infect.

Thnx
 
Old 06-15-2006, 08:58 AM   #4
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600
Well that's what my company purchase
I see. The commercial version. Oh well.


accessing critical systems files
On stable servers only some files in /etc will probably need tweaking.
Not to start a discussion, but "critical" can mean different things...


I guess I'll try a search on what toolkits infect.
Covering ninetynine percent of that really is kinda easy.
Just use your grep-fu on the sources of Chkrootkit and Rootkit Hunter.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
converting a doc/ppt Windows files in html files under linux env agrosu Programming 7 02-23-2006 04:07 PM
Access_log files question foreverdita Linux - Security 1 05-10-2005 07:42 PM
.sit files and .bin files in Linux pierre24 Linux - Newbie 2 02-02-2005 08:55 AM
question on config files vs build files working2hard Programming 2 07-29-2004 12:45 PM
question about trojan files pyre Linux - Security 3 04-02-2004 12:17 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 05:44 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration