[NBLUG/talk] Security guides..

augie augie at schwer.us
Sat Oct 11 10:31:00 PDT 2003


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Steve Johnson wrote:
[snip]
> What are some good steps for auditing a system?  If you were to be
> hired to check out someone's linux (or even bsd) box, what would be
> some of the things you would check first?

just off the top of my head i'd say:

check the logs for anything suspicious.

check the timestamp on important files or binaries.

check the process utilization (ps) to see if there is anything there
that probably shouldn't be, or that is running at an abnormally high level.

if you've got backups of important binaries or scripts you can compare
them to your existing files to see if they have changed. (assuming your
backups are of a clean system). i've heard of some people making md5
message digests of their binaries with md5sum, and storing those digests
off site, so that they can be compared if you think the system has been
compromised.

augie.


- --
irc.nblug.org #nblug
registered linux user #229905
gpg public key: http://www.schwer.us/schwer.asc
Key fingerprint = 9815 AE19 AFD1 1FE7 5DEE 2AC3 CB99 2784 27B0 C072

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)

iD8DBQE/iD4ky5knhCewwHIRApoQAJ47NrbUX19rKzhiXC1DldukrC2EiwCeJ8l8
85JKlrzr2ohR2ixRLZjqXxs=
=+Ihb
-----END PGP SIGNATURE-----
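
The digest baseline described in the message above, as an added example that is not part of the original post. It uses sha256sum in place of the md5sum the message mentions, and the function names and manifest layout are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are assumptions.

# make_baseline DIR MANIFEST
# Record one "digest  ./path" line per regular file under DIR.
# Keep MANIFEST outside DIR, ideally off the machine being checked.
make_baseline() {
    ( cd "$1" && find . -type f -exec sha256sum {} + | LC_ALL=C sort -k 2 ) > "$2"
}

# compare_baseline DIR MANIFEST
# Print CHANGED/MISSING/NEW lines for DIR against MANIFEST.
# Returns 0 when nothing differs, 1 when something does, 2 on setup failure.
compare_baseline() {
    cur=$(mktemp) || return 2
    make_baseline "$1" "$cur" || { rm -f "$cur"; return 2; }
    report=$(awk '
        # sha256sum lines: 64 hex chars, two separator chars, then the path
        { digest = substr($0, 1, 64); path = substr($0, 67) }
        FILENAME == ARGV[1] { old[path] = digest; next }   # trusted baseline
        { seen[path] = 1
          if (!(path in old))            print "NEW " path
          else if (old[path] != digest)  print "CHANGED " path }
        END { for (p in old) if (!(p in seen)) print "MISSING " p }
    ' "$2" "$cur" | LC_ALL=C sort)
    rm -f "$cur"
    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}

# Command-line use: script.sh baseline DIR MANIFEST | compare DIR MANIFEST
case "${1:-}" in
    baseline) make_baseline "$2" "$3" ;;
    compare)  compare_baseline "$2" "$3" ;;
esac
```

On a machine that may be compromised, run the comparison with tools from known-good media, since the local sha256sum and find are among the binaries in question.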



