Monitoring file integrity with FC4 - Tripwire??

Jeff Vian jvian10 at charter.net
Mon Oct 3 04:51:12 UTC 2005


On Mon, 2005-10-03 at 14:19 +1000, Ian wrote:
> Jeff Vian wrote:
> >On Mon, 2005-10-03 at 11:41 +1000, Ian wrote:
> >>Scot L. Harris wrote:
> >>>On Sat, 2005-10-01 at 18:53, Ian Harris wrote:
> >>>>On Sat, 1 Oct 2005 01:46 pm, Scot L. Harris wrote:
> >snip
> >
> >>Excellent advice. I don't have any servers or a network though, my PC is 
> >>just a home PC connected directly to the net.
> >>At one stage I had a home network set up with Smoothwall on a dedicated 
> >>PC, which had snort enabled. I used to check the logs occasionally, and 
> >>I was always gobsmacked at how many attempts to hack the box were 
> >>recorded. Hundreds a day sometimes.
> >>Cheers, Ian
> >
> >I beg to differ with you.  
> >
> >Your home PC attached to the net IS on a network and IS a server.  The
> >complete list of services you have enabled is optional but by default
> >some are (assuming Linux of course), and thus tools for protection are
> >needed.  I get attacks on httpd and on sshd (the only ports I allow
> >remote connection to) regularly in a similar scenario.
> >
> >Different types and styles of networking have differing requirements but
> >even a single home PC needs some form of protection (unless it is
> >stand-alone and never connects to ANY network - a rarity indeed
> >nowadays).
> >
> Couldn't agree more. I used Norton for years on Windoze, and use 
> Zonealarm now. Wouldn't consider connecting to the net without them. 
> When I installed FC4 I ensured no services were set up (http, ftp, etc) 
> because I couldn't think of a reason for letting other people on the net 
> connect to my PC without me connecting to them first. So, in terms of my 
> rather meagre understanding, I'm not serving anything to anybody on the 
> net. I'm still vulnerable to port scans and other hacker activity of 
> course, and this is all I'm trying to protect myself against. Since I 
> don't *really* understand selinux, iptables, firestarter et al (haven't 
> RTFMed yet) I'm just hoping the default settings as set up by the FC4 
> install are adequate for my purposes. So far no problems <touch wood>.
> Cheers, Ian
> 
A very quick check to see exactly what may be of concern would be to run
"nmap yourInternetIPaddress" on the machine and see what it returns.
Maybe nothing (in which case you have no concerns) and maybe a list of
ports that are open (in which case you have a specific list of ports to
be careful of).
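
A local complement to the nmap check suggested in the message above, as an added example that is not part of the original post: it reads the kernel's listening-socket table in `/proc/net/tcp` layout and reports which ports are bound so that other hosts can connect and which are loopback only. The function names and the sample table are constructed for illustration, and a little-endian (x86) host is assumed.

```python
import ipaddress
from pathlib import Path

LISTEN = "0A"  # state code the kernel uses for a listening TCP socket

# Constructed sample in /proc/net/tcp layout (not captured from a real host).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt uid
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000 0
   1: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000 0
   2: 0100007F:0019 00000000:0000 0A 00000000:00000000 00:00000000 00000000 0
   3: 0A00000A:0016 0100000A:C350 01 00000000:00000000 00:00000000 00000000 0
"""


def decode_addr(hex_addr):
    """Turn the kernel's hex address (IPv4 or IPv6) into an ipaddress object."""
    raw = bytes.fromhex(hex_addr)
    # Each 32-bit word is printed in host byte order; little-endian is assumed.
    packed = b"".join(raw[i:i + 4][::-1] for i in range(0, len(raw), 4))
    return ipaddress.ip_address(packed)


def listening(table_text):
    """Return sorted (port, address, reachable_from_other_hosts) tuples."""
    found = set()
    for line in table_text.splitlines()[1:]:  # first line is the column header
        fields = line.split()
        if len(fields) < 4 or fields[3] != LISTEN:
            continue  # skip established connections and malformed rows
        hex_addr, hex_port = fields[1].split(":")
        addr = decode_addr(hex_addr)
        found.add((int(hex_port, 16), str(addr), not addr.is_loopback))
    return sorted(found)


if __name__ == "__main__":
    tables = [Path("/proc/net/tcp"), Path("/proc/net/tcp6")]
    text_blocks = [p.read_text() for p in tables if p.exists()] or [SAMPLE]
    for block in text_blocks:
        for port, addr, reachable in listening(block):
            scope = "other hosts can connect" if reachable else "loopback only"
            print(f"{port:>5}/tcp  {addr:<15}  {scope}")
```

A port listed as reachable here can still be filtered by iptables, which is why the nmap result may show fewer open ports than this listing.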



