[CLUE-Tech] Is someone trying to hack me?

Adam Bultman adamb at glaven.org
Thu Nov 14 15:51:20 MST 2002


Here's what I do to keep 'safe': Make sure I'm patched. Run portsentry,
even on the inside.  Run logsentry.  Run Snort. Watch things carefully.
Making sure you have the newest versions only goes so far.  You have to
make sure people aren't poking around where they shouldn't be, and when
they do, they need to be gotten rid of. Since I installed portsentry on my
work machines, literally hundreds of IPs have been blocked from hosts that
scan/poke around. I couldn't have been happier.  I'm a bit anal (hourly
log combs, tripwire, portsentry) but the second someone gets in, hopefully
- *hopefully* - I'll know about it.


On Thu, 14 Nov 2002, Kirk Rafferty wrote:

> On Thu, Nov 14, 2002 at 09:55:16AM -0700, Michael J. Miller wrote:
> > Any recommendations on hardening a linux box that's _slightly_ exposed
> > to the outside world?
> >
> > I've got a Redhat 8 server that's got a default apache install, behind a
> > linksys firewall...ports for http and SSH are the only available ports.
>
> If you don't have a subscription to Red Hat Network (rhn.redhat.com),
> you should really consider doing so.  It's only $60/year/system, and more
> than worth the price.  And actually, if this is your only Red Hat system,
> Red Hat gives you a complimentary subscription, so it may even be free for
> you.  I have a number of systems on RHN, and it's more than worth the
> money.  I can see at a glance which systems need to be updated (via a
> secure web interface), and can schedule any updates from a single
> interface.  You can even keep your kernel updated through RHN, although
> I've been a little shy to try it on a production system. :)
>
> This doesn't harden your system, of course, but it goes a long way towards
> that goal.  I've used RHN for about a month now, and am so happy I don't
> have to do this manually anymore.
>
> (ObDisclaimer: I don't work for or profit from Red Hat)
>
> -k
> _______________________________________________
> CLUE-Tech mailing list
> CLUE-Tech at clue.denver.co.us
> http://clue.denver.co.us/mailman/listinfo/clue-tech
>

-- 
Adam Bultman
adam at glaven.org
[ http://www.glaven.org ]




