finding bad things and centralizing security

From: Strider (strider@chatcircuit.com)
Date: 04/22/03

    Date: Mon, 21 Apr 2003 18:59:35 -0500 (Central Daylight Time)
    From: "Strider" <strider@chatcircuit.com>
    To: <security-basics@securityfocus.com>
    
    

     I manage 10 servers, each hosting a large number of virtual servers using
    cPanel. The service is growing fairly rapidly so I need to know the best way
    to centralize management of the security and the services on the servers,
    such as periodic security audits, monitoring processes (such as
    server daemons), generate reports, so on and so forth. Snort is great for
    reporting intrusion attempts, and tripwire for reporting unusual filesystem
    activity, but not when you get several to sift through. I've seen many, such
    as demarc's puresecure, but I am on a tight budget.
     
    Also, the "finding bad things" part of this email, lately we've been hit
    with users who are installing scripts with the purpose of exploiting their
    bugs, and installing things like bindtty and cgi.pl (a shell through cgi
    script), in order to do other bad things, including root attempts (albeit
    unsuccessful). Is there a way to scan for these things and have either some
    kind of automated action or a report sent via email? What I'd like to scan
    for is the bugged scripts as well as the exploits (similar to chkrootkit,
    except including the site scripts).

    Thanks in advance.
     
    Beau (Strider) Steward
    strider@chatcircuit.com
    http://www.arteryplanet.net
    http://www.chatcircuit.com
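
An added example, not part of the original post or written by its author: one way to sweep each account's web root for the file names the post mentions, flag compiled binaries as well, and build a report for mailing. The `<home_root>/<account>/public_html` layout, the function names and the subject-line format are assumptions.

```python
import os
from email.message import EmailMessage

# Names from the post; matching on name alone is defeated by a rename,
# so compiled (ELF) binaries under a web root are flagged too.
WATCH_NAMES = {"bindtty", "cgi.pl"}
ELF_MAGIC = b"\x7fELF"


def scan_account(webroot):
    """Return sorted (path, reason) findings for one account's web root."""
    findings = []
    for dirpath, _dirs, files in os.walk(webroot):
        for name in files:
            path = os.path.join(dirpath, name)
            if os.path.islink(path) or not os.path.isfile(path):
                continue  # never open symlinks, FIFOs or sockets
            if name.lower() in WATCH_NAMES:
                findings.append((path, "watched file name"))
                continue
            try:
                with open(path, "rb") as fh:
                    if fh.read(4) == ELF_MAGIC:
                        findings.append((path, "ELF binary in web root"))
            except OSError:
                findings.append((path, "unreadable"))
    return sorted(findings)


def scan_host(home_root, web_dir="public_html"):
    """Map account -> findings; assumes <home_root>/<account>/<web_dir>."""
    report = {}
    for account in sorted(os.listdir(home_root)):
        hits = scan_account(os.path.join(home_root, account, web_dir))
        if hits:
            report[account] = hits
    return report


def build_report(hostname, report, sender, recipient):
    """Build (not send) the mail; pass it to smtplib.SMTP.send_message()."""
    total = sum(len(hits) for hits in report.values())
    msg = EmailMessage()
    msg["Subject"] = f"[webroot-scan] {hostname}: {total} finding(s)"
    msg["From"], msg["To"] = sender, recipient
    msg.set_content("\n".join(f"{acct}: {reason}: {path}" for acct, hits
                    in report.items() for path, reason in hits) or "no findings")
    return msg
```

Run from cron on each server with the same recipient, the fixed subject prefix lets one mailbox filter collect every host's findings in one place.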
