Re: Linux hardening
From: Jayson Anderson (sonick_at_sonick.com)
To: email@example.com Date: Wed, 24 Aug 2005 10:40:14 -0700
Partially speaking, a good dent can be made by exhaustively culling
through /etc of course; *.cf and *.conf can help, source code if it applies
to your site, all suid and sgid binaries (Modify:), in addition to a few
site- and host-specific executions of 'find' with the '-anewer',
'-cnewer' and '-newer' flags primarily. Clever (read: site-relevant)
application of [elapsed] times can result in a couple of text files that
contain well beyond the majority of what will need integrity monitoring
to some degree. Just need to sit for a spell and give thorough
consideration to each line entity, with a few follow-up finds as needed.
The rest is just recollection, critical apps and filesystem awareness in
general. Add them all together and that's a good dent in what will need
monitoring... 'best practice' and 'de facto' are too small a
scope versus host-wide, so thorough hardening and monitoring is almost
always exhaustive and exhaustING... at least in my experience where it
is most critical that mishaps be held down to a minimum...
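As an added illustration (not part of Jayson's post), a POSIX shell script that builds the kind of candidate list the reply describes: everything under etc, *.cf and *.conf files, suid/sgid binaries, and files modified after a site-chosen reference file via find -newer, then records a sha256 baseline and re-checks it. The ROOT and reference-file arguments, the function names and the use of GNU coreutils sha256sum are assumptions.

```shell
#!/bin/sh
# Candidate inventory for file integrity monitoring, following the reply:
# everything under etc, any *.cf / *.conf, all suid/sgid binaries, and
# whatever has been modified since a site-chosen reference file (-newer).
# ROOT is the tree to scan (/ in production, a scratch tree when testing).
# Function names and the reference-file convention are assumptions;
# sha256sum --quiet is GNU coreutils.

# list_candidates ROOT REFFILE  -> sorted, de-duplicated list of paths
list_candidates() {
    root=$1
    ref=$2
    {
        # configuration surface
        find "$root/etc" -type f 2>/dev/null
        find "$root" -type f \( -name '*.cf' -o -name '*.conf' \) 2>/dev/null
        # privilege surface: setuid / setgid executables
        find "$root" -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null
        # site-specific: anything touched after the reference timestamp
        if [ -n "$ref" ]; then
            find "$root" -type f -newer "$ref" 2>/dev/null
        fi
    } | sort -u
}

# take_baseline LISTFILE OUTFILE  -> "hash  path" lines for sha256sum -c
take_baseline() {
    while IFS= read -r f; do
        sha256sum "$f"
    done < "$1" > "$2"
}

# verify_baseline BASELINE  -> exit 0 if nothing drifted, non-zero otherwise;
# only changed or missing files are reported
verify_baseline() {
    sha256sum --quiet -c "$1"
}

# Typical use on a live host (reference file = timestamp of the last review):
#   touch -t 200508230000 /var/lib/fim/reference
#   list_candidates / /var/lib/fim/reference > /var/lib/fim/candidates.txt
#   take_baseline /var/lib/fim/candidates.txt /var/lib/fim/baseline.sha256
#   verify_baseline /var/lib/fim/baseline.sha256 || echo "integrity drift"
```

The candidate list is meant to be pruned by hand afterwards, as the reply says; a log file that happens to be newer than the reference will show up and should be dropped before the baseline is taken.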
On Tue, 2005-08-23 at 13:04 -0400, Norwich University - Information
> Since we're talking about Linux hardening...
> What do folks suggest as far as files that should be monitored with
> integrity checking tools? Obviously, tmp files and other frequently
> changed files are out of the question, and it is also impractical to do
> checking on all other files. Does anyone have a best practices list or
> suggestions of what files are critical to monitor with integrity checking?
> /var/www/<static web pages>
> --
> Jason Wallace
> Chief Information Security Officer
> Norwich University
> "If you spend more on coffee than on information security,
> then you will be hacked. What's more, you deserve to be hacked."
> -Richard Clarke
> Special Advisor to the President on Cybersecurity