Chapter 17. Scanning Your System for Anomalies

   


The previous chapter looked at ways to monitor the system continuously for problems; in this chapter you design periodic scans to find them. The distinction is overhead: some checks can run continuously without significant system or human overhead, while others are too expensive to run continuously. You probably have some additional ideas that will be helpful. Tripwire is certainly very helpful, but on a system with many changing files, cracker-induced changes can be lost among the expected changes.

The topics covered in this chapter include:

  • "Finding Suspicious Files"

  • "Tripwire"

  • "Detecting Deleted Executables"

  • "Detecting Promiscuous Network Interface Cards"

  • "Finding Promiscuous Processes"

  • "Detecting Defaced Web Pages Automatically"


       


    Real World Linux Security Prentice Hall Ptr Open Source Technology Series
    Year: 2002
    Pages: 260
