June 2003
Intermediate to advanced
336 pages
8h 54m
English
Content preview from Linux Security CookbookBecome an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
Start your free trial
Chapter 9. Testing and Monitoring
To keep your system secure, be proactive: test for security holes and monitor for unusual activity. If you don’t keep watch for break-ins, you may wake up one day to find your systems totally hacked and owned, which is no party.
In this chapter we cover useful tools and techniques for testing and monitoring your system, in the following areas:
- Logins and passwords
Testing password strength, locating accounts with no password, and tracking suspicious login activity
- Filesystems
Searching them for weak security, and looking for rootkits
- Networking
Looking for open ports, observing local network use, packet-sniffing, tracing network processes, and detecting intrusions
- Logging
Reading your system logs, writing log entries from various languages, configuring syslogd, and rotating log files
We must emphasize that our discussion of network monitoring and intrusion detection is fairly basic. Our recipes will get you started, but these important topics are complex, with no easy, turnkey solutions. You may wish to investigate additional resources for these purposes, such as:
Computer Incident Advisory Capability (CIAC) Network Monitoring Tools page: http://ciac.llnl.gov/ciac/ToolsUnixNetMon.html
Stanford Linear Accelerator (SLAC) Network Monitoring Tools page: http://www.slac.stanford.edu/xorg/nmtf/nmtf-tools.html
National Institutes of Health “Network and Network Monitoring Software” page: http://www.alw.nih.gov/Security/prog-network.html
Setting Up ...