Linux Troubleshooting Bible

Intrusion Detection and Response: An OverviewModern intrusion detection covers a wide range of systems, functions, and tools. Some of these tools simply detect, log, or report intrusion attempts. Others respond to such attempts proactively....

Intrusion Detection ToolsMany Linux distributions include stock operating system tools that make file alteration monitoring easy and reliable if properly configured. In this section, we introduce some security functionality built into Red H...

Verifying Your Files with RPMIn order for any file alteration tracking method to work, you must have a baseline snapshot of your system so that you can compare the potentially compromised files to the intact versions. In this section, we sh...

Creating a Security BaselineIn order to get useful information about your system, you need to compare the existing reality against a known standard, or baseline. While the RPM database has a recording of all packages as they were when insta...

Automating System Scanning and NotificationAt this point, you've created some basic security tools and built a secret place to store them. Now, you need to bring it all together and build a single coherent system-scanning mechanism customiz...

Intrusion Troubleshooting Tracking down a cracker or cracker tools on a live system is a very scary but exciting thing. It's somewhat like strolling through a really good haunted house: pounding heart, adrenaline, tunnel vision, the whole ...

Intrusion Detection Resources Table 10-1 provides a few resources for intrusion detection information. Table 10-1: Intrusion Detection Resources Resource Location The Security Quick-Start HOWTO for R...

SummaryYou can watch your systems by systematically scanning them with some stock and some add-on packages that are all readily available and free (as in liberty and beer). With the automated and watchful assistance of built-in baseline too...