Certain addon security measures?

tony1234

Verified User
Joined
Jul 25, 2005
Messages
71
I love this forum - lot of experience and excellent advice. Looking for thoughts on the below.

I have installed (on my CentOS 4.1, DirectAdmin server):
APF, BFD, RKHunter, CHKROOTKIT, SSH updates (non-root, different port, different IP, etc.), changed permissions on binaries, ModSecurity, LSM (Linux Socket Monitor), done some xinetd restrictions, checked ports via nmap, and other excellent advice found here.

But from the main "checklist" stickies around and other posts, I am uncertain on people's takes on also installing the following three items:
SNORT, Tripwire (or AIDE or Samhain), Remote Logging
What are everyone's thoughts on these three items? Do you use them in conjunction with APF/BFD or not? I don't see too many unanimous comments on these three items, so I wanted to get your thoughts on them before I assume they are good to install.

Thanks in advance, Tony
 
SNORT, Tripwire (or AIDE or Samhain), Remote Logging AND chrootkithunter


Will almost all explain the problem AFTER it's happened. I'd rather just prevent the problems than find out afterwards what happened.

Remote Logging is enough for me to find out what problems could have occurred. But too many security measures aren't always a bad thing ;)
 
Two follow-up questions:
1) What are my options for remote logging? I haven't found any really good sources for how to do that.

2) What about the file integrity check programs? Tripwire, Samhain, AIDE, Osiris? Is it still recommended to run one of these in addition to RKhunter/Logwatch? Which ones do you all use, and do you like them?
(Jeff, I would like your input here as to what you run)
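The file integrity checkers asked about above (Tripwire, AIDE, Samhain, Osiris) all work the same way: record a baseline of hashes and metadata while the system is known-good, then rescan and report differences. This added example is not from the thread or from any of those tools; it is a minimal Python version with a constructed directory tree (the file names and contents are made up) so the baseline-and-compare idea can be run offline.

```python
import hashlib
import os
import stat
import tempfile

# Added example, not part of the thread: an AIDE/Tripwire-style check.
# It finds tampering only after the fact, which is why the baseline
# should be kept on read-only or remote storage, not on the same host.

def fingerprint(path):
    """Return (sha256, permission bits, uid, gid, size) for one file."""
    st = os.lstat(path)
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return (h.hexdigest(), stat.S_IMODE(st.st_mode), st.st_uid, st.st_gid, st.st_size)

def build_baseline(root):
    """Walk root and fingerprint every regular file (symlinks skipped)."""
    baseline = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if os.path.isfile(path) and not os.path.islink(path):
                baseline[os.path.relpath(path, root)] = fingerprint(path)
    return baseline

def compare(baseline, current):
    """Report files added, removed or changed since the baseline."""
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "changed": sorted(p for p in baseline if p in current and baseline[p] != current[p]),
    }

def demo():
    """Constructed scenario: baseline a tree, alter it, rescan."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "bin"))
        for name, data in (("bin/ls", b"ls-binary"), ("bin/ps", b"ps-binary"),
                           ("etc_passwd", b"root:x:0:0")):
            with open(os.path.join(root, name), "wb") as f:
                f.write(data)
        baseline = build_baseline(root)
        # Simulated changes: one binary replaced, one file added, one removed
        with open(os.path.join(root, "bin/ps"), "wb") as f:
            f.write(b"ps-binary-replaced")
        with open(os.path.join(root, "bin/.hidden"), "wb") as f:
            f.write(b"x")
        os.remove(os.path.join(root, "etc_passwd"))
        return compare(baseline, build_baseline(root))
```

A real deployment would also watch inode, mtime and extended attributes, and would sign or offload the baseline so that whoever alters a binary cannot also rewrite the record of it.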
 
tony1234 said:
Two follow-up questions:
1) What are my options for remote logging? I haven't found any really good sources for how to do that.
Have you looked here?
2) What about the file integrity check programs? Tripwire, Samhain, AIDE, Osiris? Is it still recommended to run one of these in addition to RKhunter/Logwatch? Which ones do you all use, and do you like them?
(Jeff, I would like your input here as to what you run)
To see what we offer on our dedicated rental servers, look here.

Jeff
 
From your server offering page (very nice by the way), I can't tell if you run any of these or not; it doesn't say one way or the other on these or list any equivalent products.

Still looking for your opinion, or anyone else's for that matter.

Thanks, Tony
 
I know it mentions logwatch and chkrootkit, but my original question asks if these others are good (or bad) in addition. (Just a little clarification)
 
I don't feel comfortable recommending security concepts to others in an open forum. Nor do I feel comfortable writing about everything we put on our servers in an open forum.

Do I like some of the items you've asked about? Do I use them? Absolutely.

Are any of them going to do any damage? Probably not, as long as you've got enough system resources.

Years ago we did remote logging to a local printer (the ultimate write once read many device :) ). We haven't done that since I sold my shares in the paper company :D .

Jeff
 
Thanks for the reply. I understand some of your previous answers better (on different threads as well) with your reply here.

I am the type who is just gathering thoughts on items, but wouldn't install anything based on one reply without tons of consideration. Me, it's my programmer background in software development which forces my decisions to be wary. Have my own dedicated server and am learning there. Noobie at the server stuff, but am learning quick.

Just thoughts like your reply are all I need sometimes to confirm a direction I am looking into.

Thanks again, Tony
 
Just posting again to add that years ago when I was Sr. Programmer Analyst at a bank we were required by banking laws to do a lot of "Write Once Read Many" files.

Optical WORM drives (yes, it's an acronym) were how we did it. Big expensive platters from 3M, as I recall.

Today you could use a writable CDROM or writable DVD, but NOT rewritable.

There are libraries you can use with Linux to enable a writable drive as a mountable writable partition. I'm not sure about the same for BSD.

Jeff
 