From: Giorgos Keramidas
To: Igor Podlesny
Cc: hackers@FreeBSD.ORG
Date: Fri, 14 Sep 2001 21:25:25 +0300
Subject: Re: Checking changes to listening ports in /etc/security

From: Igor Podlesny
Subject: Re[2]: Checking changes to listening ports in /etc/security
Date: Fri, Sep 14, 2001 at 11:11:10AM +0800

> Hello!
>
> I've done a similar thing by myself also, 'cause I have been working with
> some Linux distros, where it is a usual thing (I mean detection of
> any listener changes) and I consider this useful.
>
> But, the idea is slightly different -- my code is being called every
> minute (cron).

Yes, I thought of something like that too, and many of the /etc/security checks would be nice to run more often. But having all of the /etc/security checks run every minute is overkill :( It would practically bring my box to its knees.

I think I'll stick to a diff of sockstat.today and sockstat.yesterday in my daily security checks.

-giorgos
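
The daily comparison of sockstat.yesterday and sockstat.today mentioned in the message above, as an added example that is not code from the thread or from FreeBSD's /etc/security. It goes slightly beyond a plain diff by ignoring the PID and FD columns, so a restarted daemon is not reported as a change. The column layout of FreeBSD sockstat is assumed; the function names and sample snapshots are constructed for illustration.

```shell
#!/bin/sh
# Added example, not code from the thread. Compares two saved listings in
# the column layout of FreeBSD sockstat (assumed here):
#   USER COMMAND PID FD PROTO LOCAL-ADDRESS FOREIGN-ADDRESS

# listener_changes YESTERDAY TODAY   (hypothetical helper)
# Prints "+ user command proto local" for listeners present only in TODAY
# and "- ..." for those present only in YESTERDAY. PID and FD are ignored,
# so a daemon that was merely restarted is not reported.
# Returns 0 if the set of listeners is unchanged, 1 otherwise.
listener_changes() {
    changes=$(awk '
        FNR == 1 || NF < 6 { next }            # column header or short line
        { key = $1 " " $2 " " $5 " " $6 }
        FILENAME == ARGV[1] { old[key] = 1; next }
        { new[key] = 1 }
        END {
            for (k in new) if (!(k in old)) print "+ " k
            for (k in old) if (!(k in new)) print "- " k
        }' "$1" "$2" | LC_ALL=C sort)
    [ -z "$changes" ] && return 0
    printf '%s\n' "$changes"
    return 1
}

# Constructed sample snapshots (hypothetical daemons and PIDs).
write_samples() {
    cat > "$1/sockstat.yesterday" <<'EOF'
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     sshd       432   3  tcp4   *:22                  *:*
root     sendmail   501   4  tcp4   *:25                  *:*
root     syslogd    300   6  udp4   *:514                 *:*
EOF
    cat > "$1/sockstat.today" <<'EOF'
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     sshd       9120  3  tcp4   *:22                  *:*
root     syslogd    300   6  udp4   *:514                 *:*
www      httpd      9333  3  tcp4   *:8080                *:*
EOF
}

dir=$(mktemp -d "${TMPDIR:-/tmp}/listeners.XXXXXX")
write_samples "$dir"
listener_changes "$dir/sockstat.yesterday" "$dir/sockstat.today" || :
rm -rf "$dir"
```

In a daily job the non-zero return can decide whether the report is mailed at all, which keeps unchanged days silent.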