Eugene Smiley on 10 Aug 2015 19:12:04 -0700



Re: [PLUG] Security breach post mortem


lynis
chkrootkit and rkhunter

On Mon, Aug 10, 2015 at 7:10 PM, Paul Walker <pjwalker76@gmail.com> wrote:
Mostly looking for advice and tools on post-mortem analysis assuming that no special measures were taken during setup (no checksums, snapshots etc)

On Mon, Aug 10, 2015 at 10:08 PM, Eugene Smiley <eug.smiley@gmail.com> wrote:
I just went through a scare a while back, but took horrific notes on the subject.

What I do have written down is a list of various tools; some are only useful if set up before the incident.

lynis
chkrootkit and rkhunter
auditd
afick/aide/osiris/samhain/tripwire/ossec/tiger
fail2ban
logcheck/logwatch
snort

On Mon, Aug 10, 2015 at 6:57 PM, Paul Walker <pjwalker76@gmail.com> wrote:
Assuming that a system has had a security breach, what are tools and procedures that people would use to evaluate filesystem backups and database dumps for the presence of malicious code, unauthorized user accounts, malware, etc?

___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug


