I was just reading up on tripwire as I got your email looks good will google hardening system<div>I've already installed denyhosts and various other things (not that ssh is public yet)</div><div>my main concern is Apache2 as I don't have much experience with securing that it's normally already been done by my webhost</div>
<div>but I'm hosting a owncloud instance on my server linked to my NAS so I can access pretty much everything everywhere </div><div><br></div><div><br></div><div>Dick </div><div><br></div><div><br></div><div><br><div class="gmail_quote">
On 5 October 2011 23:02, Alice Kærast <span dir="ltr"><<a href="mailto:kaerast@computergentle.com">kaerast@computergentle.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
<span style="font-size:10pt;font-family:Arial;font-weight:Normal"><br>Dotfiles like those are to be found all over a modern Linux distro. The key is comparing the results to a known clean install. That's not to say they're all ok just because they're known about, you then have to check what's inside them is legit.<br>
<br>A better option is running something like Tripwire which will detect changes to key files based on hash sums and modified times. But you need to know your system is clean to begin with.<br><br>Run your rootkit finder from a live CD, sort out any results (most will be false positives), go through the hardening procedures for your distro (Debian has a nice package which will help you - can't remember the name), then get tripwire running.<br>
<br>Alice<br><br><br>Sent from my Windows Mobile® phone.<br><br><hr><span style="font-size:10pt;font-family:Tahoma;font-weight:bold">From: </span><span style="font-size:10pt;font-family:Tahoma;font-weight:normal">Dick Thomas <<a href="mailto:xpd259@gmail.com" target="_blank">xpd259@gmail.com</a>></span><br>
<span style="font-size:10pt;font-family:Tahoma;font-weight:bold">Sent: </span><span style="font-size:10pt;font-family:Tahoma;font-weight:normal">05 October 2011 21:44</span><br><span style="font-size:10pt;font-family:Tahoma;font-weight:bold">To: </span><span style="font-size:10pt;font-family:Tahoma;font-weight:normal">Bradlug Mailing list <<a href="mailto:bradford@mailman.lug.org.uk" target="_blank">bradford@mailman.lug.org.uk</a>></span><br>
<span style="font-size:10pt;font-family:Tahoma;font-weight:bold">Subject: </span><span style="font-size:10pt;font-family:Tahoma;font-weight:normal">[Bradford] chkrootkit and nasties found</span><br><br></span><div><div>
hiya people</div><div class="im"><div><br></div><div>I've just installed debian (and stop it my David S about using a real OS like slackware)</div><div>and ran chkrootkit and got this output</div><div><br></div></div>
<div class="im"><div>Searching for suspicious files and dirs, it may take a while... The following suspicious files and directories were found: </div>
<div>/usr/lib/xulrunner-1.9.1/.autoreg /usr/lib/pymodules/python2.6/.path /usr/lib/iceape/.autoreg /usr/lib/iceweasel/.autoreg /usr/lib/jvm/java-1.5.0-gcj-4.4/.java-gcj-4.4.jinfo /usr/lib/jvm/.java-6-sun.jinfo /usr/lib/jvm/java-6-sun-1.6.0.26/.systemPrefs /usr/lib/jvm/.java-6-openjdk.jinfo /lib/init/rw/.ramfs</div>
<div><br></div></div></div><div><div></div><div class="h5"><div>any one got any ideas?</div><div><br></div><div><br></div>-- <br><div><div style="margin-top:8px;margin-right:8px;margin-bottom:8px;margin-left:8px;font-family:'Times New Roman';font-size:medium;background-repeat:no-repeat no-repeat">
~~~~~~~~~~~~~~~~~~~~~~~~~~~<div>Dick Thomas <a href="mailto:xpd259@gmail.com" target="_blank">xpd259@gmail.com</a></div><div><a href="http://www.xpd259.co.uk/" target="_blank">www.xpd259.co.uk</a></div><div><a href="http://www.google.com/profiles/xpd259" target="_blank">www.google.com/profiles/xpd259</a></div>
<div><br></div></div></div><br>
</div></div></blockquote></div><br><br clear="all"><div><br></div>-- <br><div><div style="margin-top:8px;margin-right:8px;margin-bottom:8px;margin-left:8px;font-family:'Times New Roman';font-size:medium;background-repeat:no-repeat no-repeat">
~~~~~~~~~~~~~~~~~~~~~~~~~~~<div>Dick Thomas <a href="mailto:xpd259@gmail.com" target="_blank">xpd259@gmail.com</a></div><div><a href="http://www.xpd259.co.uk/" target="_blank">www.xpd259.co.uk</a></div><div><a href="http://www.google.com/profiles/xpd259" target="_blank">www.google.com/profiles/xpd259</a></div>
<div><br></div></div></div><br>
</div>