Chapter 16. Monitoring Activity

   


This chapter is devoted to monitoring, a major part of which is the automatic monitoring of log files. It also covers watching LAN traffic, monitoring the scanners that crackers use to scan your system, and monitoring processes. There is a brief discussion of Caller ID, which lets you see who is dialing into your modems. Finally, the chapter considers using cron to perform monitoring duties automatically and shows how crackers can turn cron against you.

The topics covered in this chapter include:

  • Log Files
  • Log Files: Measures and Countermeasures
  • Using Logcheck to Check Log Files You Never Check
  • Using PortSentry to Lock Out Hackers
  • HostSentry
  • Paging the SysAdmin: Cracking in Progress!
  • An Example for Automatic Paging
  • Building on Your Example for Automatic Paging
  • Paging telnet and rsh Usage
  • Using Arpwatch to Catch ARP and MAC Attacks
  • Monitoring Port Usage
  • Monitoring Attacks with Ethereal
  • Using tcpdump to Monitor Your LAN
  • Monitoring the Scanners with Deception Tool Kit (DTK)
  • Monitoring Processes
  • Cron: Watching the Crackers
  • Caller ID


       


    Real World Linux Security Prentice Hall Ptr Open Source Technology Series
    Year: 2002
    Pages: 260
