Recommendations (3)

• Intruder detection checklist

  • check /etc/hosts.equiv, .rhosts
  • look everywhere for unusual or hidden files with names like ‘…’, ‘.. ‘, ‘..^G’
    • find / -name “.. “ -print
  • check your systems for unauthorized use of a network monitoring programs (sniffers)
  • examine all files that are run by ‘cron’ or ‘at’
  • inspect /etc/passwd, /etc/inetd.conf, last login
  • examine all machines on the network for signs of intrusions
  • check system binaries to make sure that they haven’t been altered (login, su, telnet, ifconfig, ps, ls, find, du, df, netstat)

Previous slide

Next slide

Back to first slide

View graphic version