Re: Linux Baseline

From: wcb (wbarwell_at_mylinuxisp.com)
Date: 05/16/05


Date: Mon, 16 May 2005 02:41:48 -0500

mkavish wrote:

> I would like to create a baseline of a brand new linux install.
>
> This is what i plan to make a baseline of:
>
> /home
> /etc
> /usr/local
> /var
> /root
> /boot
>
> then doing a netstat to capture what ports are currently open:
> netstat -a -n > /root/Baseline/netstat-baseline
>
>
> Are there any other items that I should include in my base line before
> I put this server on the wire?

/bin
/sbin

/var is where your logs are.
Don't bother with them as they will start to change immediately anyway.

-- 
When I shake my killfile, I can hear them buzzing!
Cheerful Charlie


Relevant Pages

  • Re: hacked?
    ... So I ssh'd in and did a netstat and saw what looked like an unwanted SSH connection... ... On the local host type nmap -sV localhost -p 1-65535 to see what ports respond and which apps/services. ...
    (comp.os.linux.misc)
  • Win2k Netstat sockets interpretation
    ... BUT, netstat /a indicates netbios ports 137,138,139,445 listening when I allow ZA to allow T-bird to act as a server to connect to the ... but Akamaitech~ is frequently there and firefox always has 4 connections local and 4 remote open inaddition to the url i am browsing???? ... The output from Ethereal showed a big download in the background from google...hex and what looks like certificates or host file additions to banks .....I no option to control F.F. updates and like to know when/what is updated since permissions and options have a nasty habit of being reset to 'lame' when updates happen silently ...
    (alt.computer.security)
  • Re: Lyons book
    ... weeps the wickets pretty, Mohammed won't capture any great ports. ... Lately Faris will ignore the vol, and if Clifford again acknowledges it too, the ...
    (rec.music.classical.recordings)
  • Re: a tool like nestat
    ... netstat -b that will show you the programs associated with the ports in use. ... > a certified computer examiner, learn to recover trace data left behind by ...
    (Security-Basics)
  • RE: ID sensors on a Cisco Catalyst 6509 switch
    ... capability using the VLAN ACLs. ... We'll use ports 1-4 on the 10/100 mod. ... selection of capture ports. ... you specify a VLAN ACL with the capture ...
    (Focus-IDS)