Re: apache compromised to send spam, need way to check file access
From: Ohmster (notareal_at_emailaddress.com)
Date: 04/26/05
Date: Mon, 25 Apr 2005 22:38:40 GMT
Newsbox <nospam_for_me_please@thanks.invalid> wrote in
news:XcKdnfTpjYL4zvDfRVn-oQ@acadia.net:
> Don't worry about Tripwire right now. Put it right at the bottom of
> your list and don't come back to it until you have your other issues
> resolved. Tripwire is indeed difficult to use; it absorbs resources
> and time (time that you need now for other things). At best, it will
> tell you that there has been an intrusion, -- *after* *the* *fact*.
> Running tripwire now will be less than useful. It needs to be first
> run on a known good system which yours is not. When you are back to a
> known good system ask a separate question about tripwire, with
> particular interest in the value of running it as a cron job. I'm
> sure you will get good answers. For the moment, forget about tripwire
> completely and concentrate on your other issues.
>
> Best wishes.
Couldn't agree more, Newsbox. Tripwire might be a really good blueprint
tool where you can see all of the original files, and it sure did list
them, all of them, over a meg of pure text in each mail, when you install
it. Then you get a report every day on what, if anything, changed, and
there are severity levels for each particular class of files. This is not
going to help me now, will worry about it when the box is secured. I
actually did not mind not getting the tripwire emails as they were huge
text files, listing every darned file on the system. What good is this? I
would have preferred a summary, nothing changed, suid on such and such
changed, temp files changed (who cares?), etc. This massive list of paths
and files every single day was pretty dreary.
Anyway, will fix it later, see ya Newsbox and thanks.
-- ~Ohmster ohmster at newsguy dot com
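
The two points in this exchange, a baseline that must be taken on a known-good system and a daily report that summarizes instead of listing every file, can be sketched as follows. This is an added example, not part of the original posts and not Tripwire's code or report format; the `SEVERITY` policy, the function names and the sample tree are constructed assumptions.

```python
import hashlib, os, stat, tempfile
from collections import Counter

# Constructed severity policy (assumption): top-level directory -> severity.
SEVERITY = {"tmp": "low", "bin": "high", "etc": "high"}

def snapshot(root):
    """Return {relative path: (sha256 hex, permission bits)} for regular files."""
    snap = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISREG(st.st_mode):  # skip symlinks, sockets, devices
                with open(path, "rb") as fh:
                    digest = hashlib.sha256(fh.read()).hexdigest()
                snap[os.path.relpath(path, root)] = (digest, stat.S_IMODE(st.st_mode))
    return snap

def summarize(baseline, current):
    """Compare two snapshots; return (change counts by severity, notable lines)."""
    counts, notable = Counter(), []
    for path in sorted(set(baseline) | set(current)):
        old, new = baseline.get(path), current.get(path)
        if old == new:
            continue
        sev = SEVERITY.get(path.split(os.sep)[0], "medium")
        counts[sev] += 1
        if new and new[1] & stat.S_ISUID and not (old and old[1] & stat.S_ISUID):
            notable.append(f"setuid bit newly set: {path}")
        elif sev != "low":  # low-severity churn is counted, not listed
            kind = "added" if old is None else "removed" if new is None else "modified"
            notable.append(f"{kind}: {path}")
    return dict(counts), notable

def demo():
    """Build a constructed tree, baseline it, change it, and summarize."""
    with tempfile.TemporaryDirectory() as root:
        for rel, data in {"etc/httpd.conf": b"Listen 80\n", "tmp/sess1": b"a"}.items():
            os.makedirs(os.path.dirname(os.path.join(root, rel)), exist_ok=True)
            with open(os.path.join(root, rel), "wb") as fh:
                fh.write(data)
        baseline = snapshot(root)  # must be taken on a known-good system
        with open(os.path.join(root, "etc/httpd.conf"), "ab") as fh:
            fh.write(b"# changed\n")
        with open(os.path.join(root, "tmp/sess2"), "wb") as fh:
            fh.write(b"b")
        return summarize(baseline, snapshot(root))

if __name__ == "__main__":
    print(demo())
```

A baseline taken after a compromise records the attacker's changes as the trusted state, so the comparison is only meaningful once the system has been rebuilt or verified.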