Monitoring

• log files: syslog, messages etc.

  • make sure these are usable
  • e.g. by rolling over nightly

• unusual processes or logins

• files (e.g. /tmp): tripwire

• try to automate checks

WITH AUTHORITY

• check passwords, idle accounts

• satan, mscan & other portscanners

Previous slide

Back to first slide

View graphic version