Security Basics mailing list archives

Re: redhat audit


From: "Andrew Pretzl" <arp () norlight com>
Date: Tue, 17 Jun 2003 14:31:37 -0500

I would strongly suggest checking the system for a rootkit. Try the
chkrootkit tool at www.chkrootkit.org that finds a number of different
rootkits which may be installed on the system. Your best bet in the long run
would be to reload the system from scratch and harden it before putting it
back into production. Check www.bastille-linux.org for an excellent set of
perl scripts which will walk you through hardening a Linux system.
Good luck!
AP
=============================
Andrew Pretzl - CISSP
Network Engineer
Norlight Telecommunications
http://www.norlight.com
=============================
"The opinions expressed here are my own and do not necessarily represent
those of Norlight Telecommunications".

Matthew Sallee <iammatt () holly colostate.edu>
To: security-basics <security-basics () securityfocus com>
cc: (bcc: Andrew Pretzl/Norlight)
Sent: 06/16/2003 04:01 PM
Subject: redhat audit

recently my redhat box was compromised and i'm auditing changes that were
made (i didn't notice for several days).

i've been trying to create a command that will allow me to view all the files
modified in the last x number of days.

i've tried piping ls to grep with minimal success. any help is greatly
appreciated...

matt
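The command Matt was after, as an added example that is not from either poster: a small POSIX shell script around GNU find that lists files modified (mtime) or inode-changed (ctime) within N days, prunes /proc, /sys and /dev, and separately flags files whose mtime is older than N days while their ctime is recent, which is the pattern a replaced file leaves behind when its modification time has been set back. The function names and the demo tree are constructed for this example; it assumes GNU find and GNU touch as found on a Linux box.

```shell
#!/bin/sh
# Added example, not code from the original thread. Assumes GNU find and
# GNU touch (Linux). Function names and the demo tree are constructed.

# List regular files under $1 whose timestamp of kind $3 (mtime, the data
# modification time, or ctime, the inode change time) is within $2 days.
# /proc, /sys and /dev are pruned because their timestamps are noise.
modified_within() {
    root="$1"; days="$2"; key="${3:-mtime}"
    find "$root" \( -path "$root/proc" -o -path "$root/sys" -o -path "$root/dev" \) -prune \
        -o -type f "-$key" "-$days" -print 2>/dev/null | sort
}

# Files whose mtime is older than $2 days but whose ctime is within $2
# days. touch can set mtime to any value, but ctime is only set by the
# kernel, so this mismatch is what a backdated replacement file looks like.
backdated_within() {
    root="$1"; days="$2"
    find "$root" \( -path "$root/proc" -o -path "$root/sys" -o -path "$root/dev" \) -prune \
        -o -type f -mtime "+$days" -ctime "-$days" -print 2>/dev/null | sort
}

# Constructed demo tree: one file modified 2 days ago, and one whose mtime
# was set back 30 days even though it was just written (ctime = now).
demo_tree() {
    d=$(mktemp -d)
    mkdir -p "$d/etc" "$d/usr/bin"
    echo 'ls'  > "$d/usr/bin/ls";   touch -d '2 days ago'  "$d/usr/bin/ls"
    echo 'cfg' > "$d/etc/old.conf"; touch -d '30 days ago' "$d/etc/old.conf"
    echo "$d"
}

# Stand-alone run (sh audit.sh --demo): audit the demo tree for the last
# 7 days, then clean up. On a real box, call modified_within / 7 mtime etc.
if [ "${1:-}" = "--demo" ]; then
    t=$(demo_tree)
    echo "== mtime within 7 days";  modified_within "$t" 7 mtime
    echo "== ctime within 7 days";  modified_within "$t" 7 ctime
    echo "== mtime backdated";      backdated_within "$t" 7
    rm -rf "$t"
fi
```

On a box that is already suspected of carrying a rootkit, as in this thread, the listing is only as trustworthy as the find, ls and sort binaries that produce it, so run it with tools from read-only media or from a known-clean host that has the disk mounted, and treat the ctime-based listing as the more reliable of the two.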



---------------------------------------------------------------------------
Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts!
The Gartner Group just put Neoteris in the top of its Magic Quadrant,
while InStat has confirmed Neoteris as the leader in marketshare.

Find out why, and see how you can get plug-n-play secure remote access in
about an hour, with no client, server changes, or ongoing maintenance.

Visit us at: http://www.neoteris.com/promos/sf-6-9.htm
----------------------------------------------------------------------------