Monitoring Tool

Andrew Bacchi bacchi at rpi.edu
Tue Feb 20 15:17:44 UTC 2007


What is it that makes you think you're being hacked?  Do you see any 
processes that are running that shouldn't be there?

There are many things you can do to monitor and protect your system. 
First, don't run any services unless you have a need to run them. 
Second, keep a good set of rules on your firewall to only allow those 
users or open those ports that you need.

Run chkrootkit occasionally to see if anyone has rooted you.  I was 
rooted once, and it was not fun.  Total install from scratch was the 
solution.

http://freshmeat.net/projects/chkrootkit/

You can set up tripwire to see if any files have been altered, though I 
always thought this was too much work for what you get.

Check the output of 'last' or 'lastlog'.  That will tell you when each 
user has logged in.


Nilesh wrote:
> Hello All,
> 
> Some one trying to Hack My System I have checked the
> /var/log/messages but could found the entries for
> which  remote systems are trying to connect to my
> system
> Which logs should I check?
> or is there good software for real time alerts
> 
> Regards
> Nilesh.
> 
> --- Mad Unix <madunix at gmail.com> wrote:
> 
>> check this one
>> http://www.heroix.com
>>
>>
>> On 2/19/07, feras adel <feras511 at yahoo.com> wrote:
>>> hello
>>>
>>> you can use gnome-system-monitor from the command line, or access it from
>>> application-->system tools-->system monitor
>>>
>>> Regards
>>>
>>> Nilesh <niluforalways at yahoo.com> wrote:
>>> Hello All,
>>>
>>> I want to monitor all activities on my Linux system
>>> could any one tell me which tool is best
>>> Want to monitor
>>> 1) who's trying to connect me to any port (from IP or Domain Name)
>>> 2) users connected
>>> 3) services running
>>>
>>> Regards
>>> Nilesh
>>>
>>> --
>>> redhat-list mailing list
>>> unsubscribe
> mailto:redhat-list-request at redhat.com?subject=unsubscribe
>> https://www.redhat.com/mailman/listinfo/redhat-list
>> -- 
>> madunix

-- 
veritatas simplex oratio est
		-Seneca

Andrew Bacchi
Systems Programmer
Rensselaer Polytechnic Institute
phone: 518.276.6415  fax: 518.276.2809

http://www.rpi.edu/~bacchi/
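
Added example, not part of the original message: one way to act on the 'last' suggestion above is to count remote logins per user and source host and mark any source that is not on a list of hosts you expect. The function names, the sample lines and the addresses (documentation ranges) are constructed for illustration.

```sh
#!/bin/sh
# Summarise remote logins from `last` output read on stdin.
# $1 = space-separated list of hosts you expect logins from (an assumption;
# fill in your own). Prints: user host count known|UNKNOWN
remote_logins() {
    awk -v known="$1" '
        BEGIN { n = split(known, k, " "); for (i = 1; i <= n; i++) ok[k[i]] = 1 }
        NF < 4 { next }                                  # blank or short lines
        $1 == "wtmp" || $1 == "reboot" || $1 == "shutdown" || $1 == "runlevel" { next }
        $3 ~ /^(Mon|Tue|Wed|Thu|Fri|Sat|Sun)$/ { next }  # console login: no host column
        $3 ~ /^:/ { next }                               # local X display such as :0
        { count[$1 " " $3]++ }
        END {
            for (key in count) {
                split(key, p, " ")
                printf "%s %s %d %s\n", p[1], p[2], count[key],
                       (p[2] in ok) ? "known" : "UNKNOWN"
            }
        }
    ' | LC_ALL=C sort
}

# Constructed sample in the layout `last` prints (not real log data).
sample_last() {
    cat <<'EOF'
alice    pts/0        192.0.2.10       Tue Feb 20 09:12   still logged in
root     pts/1        203.0.113.77     Mon Feb 19 03:41 - 03:55  (00:14)
root     pts/1        203.0.113.77     Mon Feb 19 03:20 - 03:22  (00:02)
bob      tty1                          Mon Feb 19 08:00 - 17:02  (09:02)
alice    pts/2        192.0.2.10       Sun Feb 18 10:30 - 11:00  (00:30)
reboot   system boot  2.6.9-42.EL      Sun Feb 18 07:58          (2+07:19)

wtmp begins Thu Feb  1 04:02:11 2007
EOF
}

# Demo on the sample; on a live system: last | remote_logins "host1 host2"
sample_last | remote_logins "192.0.2.10"
```

'last' only records logins that succeeded; failed attempts are written elsewhere, so this covers the "users connected" part of the question rather than every connection attempt.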



