From: Mikhail Kruk
Date: Tue, 19 Dec 2000 14:21:18 -0500 (EST)
To: admin
Subject: Re: Securing FreeBSD against hacking
In-Reply-To: <000e01c069e8$d30dccc0$f46fbdd1@pacex.net>

2,3

106 meshko@polkan2 /home/meshko> cat /usr/ports/security/tripwire/pkg/DESCR
Tripwire is a tool that aids system administrators and users in monitoring a designated set of files for any changes. Used with system files on a regular (e.g., daily) basis, Tripwire can notify system administrators of corrupted or tampered files, so damage control measures can be taken in a timely manner.

1 is kind of general. Set up a firewall machine between you and the world and make it log everything you find appropriate?

> Hi Folks;
>
> I am kinda glad I hung around this list for a while...
> I am running a FreeBSD 4.2-STABLE (recently upgraded machines) for web (Apache-1.39) mail (Qmail-1.03 sendmail-8.11.1).
> I have recently seen some activities on the web server that make me very nervous (I know I am being very general) but my concern is:
>
> 1. How do I set up a dedicated machine to collect data and connection attempts to my machines
> 2. How to implement a notification system to alert when critical files on the server have been tampered with.
> 3. How to find out if my machines are REALLY CLEAN (some sort of software auditing to determine if what is already in the machines is a good benchmark for future security audits)
>
>
> Thank you!
>
>
> Dan