Monitoring
log files: syslog, messages etc.
make sure these are usable
e.g. by rolling over nightly
unusual processes or logins
files (e.g. /tmp): tripwire
try to automate checks
WITH AUTHORITY
check passwords, idle accounts
satan, mscan & other portscanners
Previous slide
Back to first slide
View graphic version