[Courses] [Security] Class formats and contents

Jillian-Beth Stamos-Kaschke jillian at team.inter.net
Wed Mar 6 23:05:04 EST 2002


Hi all,

On Tue, Mar 05, 2002 at 09:16:56AM -0500, Rosie Jones wrote:
> I don't have a great deal of experience, but have run netstat and
> been concerned about what I found, and turned off telnet access
> to a linux box under guidance.
> 
> I like following a book myself, so even if the class doesn't follow a
> book, I would find a book recommendation helpful for background reading.
> 
> Your guided discussion topics sound good. Free-for-all discussion doesn't
> sound so good to me. And I also like the suggestion "How can I tell if my
> linuxbox has been hacked". With a Follow-up "How do I clean up my hacked
> linuxbox".

Can I put in a plug for a tool I discovered recently called logcheck?

Basically, it's a very configurable shell script that digests your logfiles 
for you and sends you email in regular intervals (you can choose the 
intervals yourself; default is every 2 hours) informing you of anything 
irregular that goes on, such as login attempts (successful and unsuccesful),
relaying attempts, and so on. Of course, it doesn't replace securing
your box, but it's very handy as a reference of what's going on. It's
available for various distributions and pretty easy to set up.

There's an article on the subject at
http://www.freeos.com/articles/3540/ for anyone that's interested.

Jillian.



More information about the Courses mailing list