[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: is it secure enough



Tripwire is a full blown setup for doing MD5 checksums and more.
Just save the tripwire file signatures to a read only floppy, and run the 
nightly compares out of cron.

Paul

On Mon, 19 Jan 1998, Paul Farber wrote:

> Its as secure as you make it.  Check the sys logs daily for attempts to
> get in, and readjust your filtering as needed.  The next step is to get
> the users to pick good passwords and watch the physical side of secutity
> (somebody giving out their password).  I have set up a cron job to check
> all config files and some important programs with an MD5 checksum, just
> in case a bad guy gets in and pokes a hole that you may not be looking
> for.  Right now the MD5 checksums are mailed (not to secure but it works
> for now) to me, it would be better to have them print out after a run
> (can't edit the hardcopy.)
> 
> 
> Paul
> 
> Erez Doron wrote:
> 
> > I've used my linux as firewall.
> >
> > i have one ip connected to the internet.
> > i use ip-masq for internal computers
> > i use ipfwadm to disable ip-spoofing
> > i use /etc/hosts.allow & /etc/hosts.deny to allow only local computers
> >
> > i should menstion here, that the linux-firewall is
> > a fully oprational machine ( i.e. mail, nfs, web, ftp , ... )
> >
> > the question is : is it secure enough ? are there aother things
> > i should know of or do ?
> >
> > btw: i use redhat4.2, kernel 2.0.33. any need to upgrade ( to RH5.0 ?
> > )
> >
> > Regards
> > Erez.
> 
> 
> 
> 

---------------------------------------------------------------------------

                                           ,--- 
    Paul Wilkins                          | o o |
    Internet Operations Manager           ` \_/ '         Linux 
    TMP Worldwide                         /\___/\         The Choice of
    paulw@tmpw.com.au                    |_/ . \_|        A GNU Generation
    http://www.monsterboard.com.au       \_/___\_/
---------------------------------------------------------------------------