To make my system more secure, I would like to install a tool (or a few).
The various methods are clear to me, but I just don't know the tools:
Here is what I found within Debian.
Please write whether you have experience with one or another of these programs.
harden-environment 0.1.4
"Harden-environment provides a hardened system environment, or at least helps the administrator to configure such an environment.
Right now this includes packages for local intrusion detection."
integrit 2.03.02-1:
"A file integrity verification program like tripwire
Integrit helps you determine whether an intruder has modified your system. Without the use of integrit, a sysadmin wouldn't know if the programs used for investigating the system are trojan horses or not. Integrit works by creating a database that is a snapshot of the most essential parts of the system. You put the database somewhere safe, and then later you can use it to make sure that no one has made any illicit modifications to your system.
Integrit's key features are the small memory footprint, the design with unattended use in mind, intuitive cascading rulesets for the paths listed in the configuration file, the possibility of XML or human-readable output and simultaneous check and update."
tripwire 2.3.1.2-6 (only in unstable)
"A file and directory integrity checker.
Tripwire is a tool that aids system administrators and users in monitoring a designated set of files for any changes. Used with system files on a regular (e.g., daily) basis, Tripwire can notify system administrators of corrupted or tampered files, so damage control measures can be taken in a timely manner."
bsign 0.4.4
"Corruption & intrusion detection using embedded hashes
This package embeds secure hashes (SHA1) and digital signatures (GNU Privacy Guard) into files for verification and authentication. Currently, target file types are all ELF format: executables, kernel modules, shared and static link libraries. This program has functionality similar to tripwire and integrit without the need to maintain a database."
If you prefer other tools, bring them on.
Intrusion detection tools
Hi!
What about snort (http://www.snort.org)?
It does have the drawback that it puts the network card into promiscuous mode...
Regards
Olfi
demarque wrote: You could also try the anti-portscanning daemon portsentry ...
Possibly together with logsentry and hostsentry right away, all three at http://www.psionic.com