[Courses] [Security] Class formats and contents

[Jillian-Beth Stamos-Kaschke]

Hi all,

On Tue, Mar 05, 2002 at 09:16:56AM -0500, Rosie Jones wrote:
> I don't have a great deal of experience, but have run netstat and
> been concerned about what I found, and turned off telnet access
> to a linux box under guidance.
> 
> I like following a book myself, so even if the class doesn't follow a
> book, I would find a book recommendation helpful for background reading.
> 
> Your guided discussion topics sound good. Free-for-all discussion doesn't
> sound so good to me. And I also like the suggestion "How can I tell if my
> linuxbox has been hacked". With a Follow-up "How do I clean up my hacked
> linuxbox".

Can I put in a plug for a tool I discovered recently called logcheck?

Basically, it's a very configurable shell script that digests your logfiles 
for you and sends you email in regular intervals (you can choose the 
intervals yourself; default is every 2 hours) informing you of anything 
irregular that goes on, such as login attempts (successful and unsuccesful),
relaying attempts, and so on. Of course, it doesn't replace securing
your box, but it's very handy as a reference of what's going on. It's
available for various distributions and pretty easy to set up.

There's an article on the subject at
http://www.freeos.com/articles/3540/ for anyone that's interested.

Jillian.