[1929] in linux-security and linux-alert archive

[linux-security] Re: WARNING: Break-in attempts

daemon@ATHENA.MIT.EDU (Mustapha A. Obeid)
Tue Jun 23 02:10:54 1998

Date: Mon, 22 Jun 1998 09:17:24 -0300 (ADT)
From: "Mustapha A. Obeid" <musta@eve.info.umoncton.ca>
To: "B. James Phillippe" <bryan@terran.org>
Cc: Linux Security <linux-security@tarsier.cv.nrao.edu>,
  linux-security@redhat.com
In-Reply-To: <Pine.LNX.3.96.980619014638.25219D-100000@earth.terran.org>
Resent-From: linux-security@redhat.com
Resent-Reply-To: linux-security@redhat.com


On Fri, 19 Jun 1998, B. James Phillippe wrote:
> I'm forwarding a copy of an email I sent reporting attempted
> break-ins on my main server, earth.terran.org.  I am forwarding this
> because I think it is relevant that folks watch for this kind of
> activity in their logs to catch people who "try doorknobs" in the
> middle of the night.

James,

	If your system was really under attack, then don't rely
too much on your local log files.

	Second, why don't you implement a "black box" log system?
That is, all logs generated by all hosts on your network are forwarded
to a separate log machine called the black box.  Such a computer grants
no access to anybody whatsoever except for user "root" logging in on
the console.

-M.

-- 
----------------------------------------------------------------------
Please refer to the information about this list as well as general
information about Linux security at http://www.aoy.com/Linux/Security.
----------------------------------------------------------------------

To unsubscribe:
  mail -s unsubscribe linux-security-request@redhat.com < /dev/null
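
One way to put such a black box to use after a suspected break-in, as an added example that is not part of the original message: compare a host's own log with the copy held on the log machine and list the records that exist centrally but are missing locally. The classic syslog line layout, the host names, the addresses and all sample lines are constructed assumptions.

```python
from collections import Counter

# Constructed sample data (not from the original message): what the black box
# received, and host "hosta"'s own log as found after a suspected break-in.
BLACKBOX = [
    "Jun 19 01:32:10 hosta in.telnetd[411]: connect from 192.0.2.7",
    "Jun 19 01:32:14 hosta login[412]: FAILED LOGIN 1 FROM 192.0.2.7 FOR root",
    "Jun 19 01:33:02 hosta login[412]: FAILED LOGIN 2 FROM 192.0.2.7 FOR root",
    "Jun 19 01:40:00 hostb crond[88]: (root) CMD (run-parts /etc/cron.hourly)",
]
LOCAL = [
    "Jun 19 01:32:10 hosta in.telnetd[411]: connect from 192.0.2.7",
]

def normalize(line):
    """Collapse whitespace so 'Jun  9' and 'Jun 9' style padding compares equal."""
    return " ".join(line.split())

def host_of(record):
    """Host is the 4th field of a classic syslog line: Mon DD HH:MM:SS host ..."""
    fields = record.split()
    return fields[3] if len(fields) > 3 else None

def missing_locally(local_lines, blackbox_lines, host):
    """Records the black box holds for `host` that the host's own log lacks."""
    # Counter, not set: identical repeated lines must each be accounted for.
    local = Counter(normalize(l) for l in local_lines if l.strip())
    missing = []
    for line in blackbox_lines:
        rec = normalize(line)
        if host_of(rec) != host:
            continue  # blank line or another machine's record
        if local[rec] > 0:
            local[rec] -= 1
        else:
            missing.append(rec)
    return missing

if __name__ == "__main__":
    for rec in missing_locally(LOCAL, BLACKBOX, "hosta"):
        print("missing from local log:", rec)
```

Records found only in the local log are deliberately not reported, since forwarded syslog messages can be lost in transit without any tampering.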

