Re: is it secure enough
We also run Tripwire on __ALL__ of our servers.
We actually have a dedicated machine that compiles it all and
globally checks our client systems too.
We've been using it for about 3-4 years now and have never looked
back - it picks up every little suspect change.
Adam
> Tripwire is a full blown setup for doing MD5 checksums and more.
> Just save the tripwire file signatures to a read only floppy, and run the
> nightly compares out of cron.
>
> Paul
>
> On Mon, 19 Jan 1998, Paul Farber wrote:
>
> > It's as secure as you make it. Check the sys logs daily for attempts to
> > get in, and readjust your filtering as needed. The next step is to get
> > the users to pick good passwords and watch the physical side of security
> > (somebody giving out their password). I have set up a cron job to check
> > all config files and some important programs with an MD5 checksum, just
> > in case a bad guy gets in and pokes a hole that you may not be looking
> > for. Right now the MD5 checksums are mailed (not too secure but it works
> > for now) to me, it would be better to have them print out after a run
> > (can't edit the hardcopy.)
> >
> >
> > Paul
> >
> > Erez Doron wrote:
> >
> > > I've used my linux as firewall.
> > >
> > > I have one IP connected to the internet.
> > > I use ip-masq for internal computers
> > > I use ipfwadm to disable ip-spoofing
> > > I use /etc/hosts.allow & /etc/hosts.deny to allow only local computers
> > >
> > > I should mention here that the linux-firewall is
> > > a fully operational machine (i.e. mail, nfs, web, ftp, ...)
> > >
> > > The question is: is it secure enough? Are there other things
> > > I should know of or do?
> > >
> > > btw: I use redhat4.2, kernel 2.0.33. Any need to upgrade (to RH5.0?)
> > >
> > > Regards
> > > Erez.
> >
> >
> >
> >
>
> ---------------------------------------------------------------------------
>
> ,---
> Paul Wilkins | o o |
> Internet Operations Manager ` \_/ ' Linux
> TMP Worldwide /\___/\ The Choice of
> paulw@tmpw.com.au |_/ . \_| A GNU Generation
> http://www.monsterboard.com.au \_/___\_/
> ---------------------------------------------------------------------------
>
>
+----------------------------------------------------+
| Adam Neat | NOC Tel: 03-9887-1984 |
| National Systems Manager | NOC Fax: 03-9801-8533 |
| IPAX Systems - Australia | http://www.ipax.com.au|
| Mobile: 0414-348-187 | adamneat@ipax.com.au |
+----------------------------------------------------+
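
The nightly checksum compare described in the thread (baseline signatures kept on read-only media, compare run from cron), as an added example that is not part of the original messages or of Tripwire. It assumes a JSON baseline file and substitutes SHA-256 for the MD5 mentioned in the thread; the function names and the baseline path are hypothetical.

```python
import hashlib
import json
import os
import sys


def digest(path, algo="sha256"):
    """Hash a file in chunks so large binaries are not read into memory."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(paths, algo="sha256"):
    """Map each watched path to its digest, or None if the file is absent."""
    return {p: digest(p, algo) if os.path.isfile(p) else None for p in paths}


def save_baseline(paths, baseline_file, algo="sha256"):
    """Write the baseline once, then move it to read-only media."""
    with open(baseline_file, "w") as f:
        json.dump({"algo": algo, "files": snapshot(paths, algo)}, f, indent=2)


def compare(baseline_file):
    """Return {path: status} for every watched path that no longer matches."""
    with open(baseline_file) as f:
        base = json.load(f)
    current = snapshot(base["files"], base["algo"])
    report = {}
    for path, old in base["files"].items():
        new = current[path]
        if new != old:
            report[path] = ("missing" if new is None
                            else "appeared" if old is None else "modified")
    return report


if __name__ == "__main__":
    # Cron usage (assumed path): check.py /mnt/floppy/baseline.json
    changes = compare(sys.argv[1])
    for path, status in sorted(changes.items()):
        print(f"{status.upper():9} {path}")
    sys.exit(1 if changes else 0)  # non-zero exit lets cron mail the report
```

Because the list of watched paths is read from the baseline itself, an intruder who can write only to the live system cannot shrink the set of files being checked.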