From owner-freebsd-security Tue Dec 19 11:49:29 2000
From owner-freebsd-security@FreeBSD.ORG Tue Dec 19 11:49:27 2000
Return-Path:
Delivered-To: freebsd-security@freebsd.org
Received: from mail1.rdc1.il.home.com (mail1.rdc1.il.home.com [24.2.1.76])
    by hub.freebsd.org (Postfix) with ESMTP id 82EE637B402
    for ; Tue, 19 Dec 2000 11:49:27 -0800 (PST)
Received: from home.com ([24.17.229.11])
    by mail1.rdc1.il.home.com (InterMail vM.4.01.03.00 201-229-121)
    with ESMTP id <20001219194926.FEWD26687.mail1.rdc1.il.home.com@home.com>;
    Tue, 19 Dec 2000 11:49:26 -0800
Message-ID: <3A3FBBCA.9080808@home.com>
Date: Tue, 19 Dec 2000 13:49:30 -0600
From: "Victor R. Cardona"
User-Agent: Mozilla/5.0 (X11; U; Linux 2.4.0-test11 i586; en-US; m18) Gecko/20001218
X-Accept-Language: en
MIME-Version: 1.0
To: admin
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: Securing FreeBSD against hacking
References: <000e01c069e8$d30dccc0$f46fbdd1@pacex.net>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

admin wrote:

> 1. How do I set up a dedicated machine to collect data and connection
> attempts to my machines

I'm not sure if this is what you have in mind, but you could set up syslog to log to a remote machine.

> 2. How to implement a notification system to alert when critical files
> on the server have been tampered with.

A combination of syslog and tripwire might work here. I have never tried it myself.

> 3. How to find out if my machines are REALLY CLEAN (some sort of software
> auditing to determine if what is already in the machines is a good
> benchmark for future security audits)

Tripwire is a file auditing utility. Unfortunately, for it to be effective, you must know that your system is clean. The only way to be 100% sure would be to run it after a fresh install from protected media, and before any network connection is made.
Victor Cardona
vcardona@home.com
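The baseline-then-compare idea behind the Tripwire and syslog suggestions in the message above, as an added example that is not part of the original post and is not Tripwire's own code. The function names, the JSON baseline format and the `fim-example` syslog tag are assumptions made for illustration; the baseline file is meant to be written once on a known-clean system and then kept on read-only or offline media.

```python
import hashlib
import json
import os
import stat
import syslog

def snapshot(root):
    """Map each regular file under root to its SHA-256, mode, uid and gid."""
    db = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)              # lstat: do not follow symlinks
            if not stat.S_ISREG(st.st_mode):
                continue
            with open(path, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            db[os.path.relpath(path, root)] = {
                "sha256": digest, "mode": stat.S_IMODE(st.st_mode),
                "uid": st.st_uid, "gid": st.st_gid}
    return db

def save_baseline(root, baseline_path):
    """Record the known-clean state; run this before the host goes online."""
    with open(baseline_path, "w") as fh:
        json.dump(snapshot(root), fh, indent=1, sort_keys=True)

def verify(root, baseline_path):
    """Return (status, path) findings sorted by path; empty means no drift."""
    with open(baseline_path) as fh:
        old = json.load(fh)
    new = snapshot(root)
    findings = []
    for path in sorted(set(old) | set(new)):
        if path not in new:
            findings.append(("REMOVED", path))
        elif path not in old:
            findings.append(("ADDED", path))
        elif old[path] != new[path]:
            changed = sorted(k for k in old[path] if old[path][k] != new[path][k])
            findings.append(("CHANGED:" + ",".join(changed), path))
    return findings

def report(findings, ident="fim-example"):
    """Log each finding at LOG_ALERT so syslogd can forward it to a log host."""
    syslog.openlog(ident, facility=syslog.LOG_AUTH)
    for status, path in findings:
        syslog.syslog(syslog.LOG_ALERT, "%s %s" % (status, path))
```

A comparison is only as trustworthy as the baseline and the checker itself, so both should be run from media the monitored host cannot modify.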