-
August 17th, 2010, 01:11 PM
#1
Rootkit security monitoring in ISP
I have a few hundred Linux servers installed and I am trying to find the best solution for rootkit monitoring on these boxes. Maybe even something that allows for large-scale deployments.
I currently run rkhunter, but it's not enough: there are loads of logs and I need something to help me raise red flags and spot problems quickly.
Any ideas?
----------------------------------------------------------------------------------------------------------
"If I'd asked my customers what they wanted, they'd have said a faster horse." ~ Henry Ford
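One way to cut through the rkhunter log volume described above, as an added example that is not code from this thread, from rkhunter or from OSSEC: pull each host's log to a central box, keep only the Warning lines, suppress warnings you have already reviewed and accepted, and escalate hosts whose remaining warnings match high-severity patterns. The `[HH:MM:SS] Warning:` line layout, the red-flag strings and the three sample logs are assumptions constructed for the example; check them against the output of your own rkhunter version.

```python
import re

# Matches rkhunter warning lines; the "[HH:MM:SS] Warning:" prefix is an assumption about the log format.
WARNING_RE = re.compile(r"^\[\d{2}:\d{2}:\d{2}\]\s+Warning:\s+(?P<msg>.+)$")

# Message fragments that should raise a red flag immediately rather than wait for weekly review.
# Illustrative choices; tune them to the warnings your rkhunter version actually emits.
RED_FLAG_PATTERNS = ("has been replaced by a script", "Possible rootkit",
                     "Hidden directory", "Hidden file")

def parse_warnings(log_text):
    """Return the warning messages found in one host's rkhunter log."""
    warnings = []
    for line in log_text.splitlines():
        m = WARNING_RE.match(line.strip())
        if m:
            warnings.append(m.group("msg"))
    return warnings

def triage(logs_by_host, known_benign=()):
    """Per-host summary; 'known_benign' lists fragments of accepted warnings to suppress."""
    report = {}
    for host, text in logs_by_host.items():
        msgs = [w for w in parse_warnings(text) if not any(b in w for b in known_benign)]
        red = [w for w in msgs if any(p in w for p in RED_FLAG_PATTERNS)]
        report[host] = {"warnings": len(msgs), "red_flags": red}
    return report

def hosts_needing_attention(report):
    """Hosts with at least one red flag, most flags first, then by name."""
    return sorted((h for h, r in report.items() if r["red_flags"]),
                  key=lambda h: (-len(report[h]["red_flags"]), h))

# Constructed sample logs standing in for /var/log/rkhunter.log copied from three servers.
SAMPLE_LOGS = {
    "web01": "[03:10:01] Info: Starting check\n"
             "[03:10:05] Warning: The file properties have changed: File: /usr/bin/ls\n"
             "[03:10:05] Warning: The command '/usr/bin/ls' has been replaced by a script: /usr/bin/ls: Bourne-Again shell script\n",
    "web02": "[03:10:01] Info: Starting check\n"
             "[03:10:07] Warning: The SSH configuration option 'PermitRootLogin' has not been set.\n",
    "db01":  "[03:10:02] Warning: Hidden directory found: /dev/.udev\n"
             "[03:10:03] Warning: The SSH configuration option 'PermitRootLogin' has not been set.\n",
}

if __name__ == "__main__":
    rep = triage(SAMPLE_LOGS, known_benign=("PermitRootLogin",))
    for host in hosts_needing_attention(rep):
        print(host, rep[host]["red_flags"])
```

Run it from cron after the nightly rkhunter check and feed the printed hosts into whatever paging or ticketing you already use; hosts with only known-benign warnings stay silent.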
-
August 26th, 2010, 12:49 AM
#2
Junior Member
I'm not sure if it does everything you're looking for, but Tripwire is a tried and true solution.
-
August 27th, 2010, 10:56 AM
#3
I have been looking around a lot and I'm thinking OSSEC seems like the best option to me.
And from their site:
OSSEC is a scalable, multi-platform, open source Host-based Intrusion Detection System (HIDS). It has a powerful correlation and analysis engine, integrating log analysis, file integrity checking, Windows registry monitoring, centralized policy enforcement, rootkit detection, real-time alerting and active response.
It runs on most operating systems, including Linux, OpenBSD, FreeBSD, MacOS, Solaris and Windows. A list with all supported platforms is available here.
If anyone has any other ideas, I am all ears.
-
August 30th, 2010, 04:39 PM
#4
First and foremost, you need to prevent the intrusions (duh).
Are you running SELinux containers? At least chroot environments for each public daemon?
Use SUID and SGID (carefully) to allow things to read/write where needed without a direct path to root from the user.
Real security doesn't come with an installer.