Basic HTML version of Foils prepared May 19 99

Foil 36 Recommendations (3)

From NPAC Computer and Network Capabilities Tango Group Internal Technology Seminars -- Spring 99. by Roman Markowski
1 Intruder detection checklist
  • check /etc/hosts.equiv, .rhosts
  • look everywhere for unusual or hidden files with names like `...', `.. `, `..^G'
    • find / -name ".. " -print
  • check your systems for unauthorized use of a network monitoring programs (sniffers)
  • examine all files that are run by `cron' or `at'
  • inspect /etc/passwd, /etc/inetd.conf, last login
  • examine all machines on the network for signs of intrusions
  • check system binaries to make sure that they haven't been altered (login, su, telnet, ifconfig, ps, ls, find, du, df, netstat)
in Table To:

© Northeast Parallel Architectures Center, Syracuse University, npac@npac.syr.edu

If you have any comments about this server, send e-mail to webmaster@npac.syr.edu.

Page produced by wwwfoil on Wed May 19 1999