Integrity : The Complete Toolsbox

  • This category contains 3 Papers
  • The last paper was added on 2007-03-26 (YYYY-MM-DD)

Intrusion Detection with Tripwire

Published on 2004, by Barry O'Donovan, ©Barry O'Donovan.

A little over two years ago I was hacked. Someone broke into a web server I was administrating that had only Apache and OpenSSH running publicly, and all packages were up-to-date. The hacker replaced my ps binary with his own to hide his processes, added a new service that was executed from the binary "/bin/crond " (the space is intentional - it makes it look like a normal and an expected process in a running-processes listing and a normal binary in a directory listing). The "crond " process gathered usernames and passwords and stored them in a text file in the directory "/dev/pf0 / /", (5 and 2 spaces respectively), which also contained a root shell. The chances of me finding and identifying this intrusion would have been extremely remote if I had not been running Tripwire.

Mass deploying Osiris

Published on 2004-11-22, by Duane Dunston, ©Guardian Digital, Inc.

Osiris is a centralized file-integrity program that uses a client/server architecture to check for changes on a system. A central server maintains the file-integrity database and configuration for a client and, at a specified time, sends the configuration file over to the client, runs a scan and sends the results back to the server to compare any changes. Those changes are then sent via email, if configured, to a system admin or group of people. The communication is all done over an encrypted communication channel.

Tripwire on your Fedora Box

Published on 2004-03-02, by Krishnan Subramanian, ©FedoraNEWS.

Tripwire is an Intrusion Detection System. This can be used to alert users whenever their system is compromised. Tripwire detects and reports changes in system files. It will alert you through email whenever a change is detected. If the change is due to normal system activity, you can instruct Tripwire not to report the change to that file in future. If the change is not due to normal system activity, then it is a clear indication that something is wrong and you need to act immediately and fix the issue. Thus Tripwire comes in very handy for maintaining the integrity of the system.

Created: 2004-12-04 21:37 | Modified: 2007-03-26 00:17 | Size: 9365 octets
