LINUX.IE, website of the Irish Linux Users' Group
Tux rules!

   
Home
New Users
Articles
Download
Projects
Community
Vendors

  Print Version
Email to...
 
Archives:


planetILUG

Recent News

News Archive


Join the
ILUG
on FaceBook


Join the
ILUG
on LinkedIn


Join the
ILUG SETI
Group



















 
 :: Mailing Lists

[ILUG] Scripts to detect break-ins

[ILUG] Scripts to detect break-ins

Brian Brazil bbrazil at netsoc.tcd.ie
Mon Dec 26 18:33:21 GMT 2005 

Over the last few weeks I've written a few scripts to detect certain
types of break-ins. These include website compromises and ssh brute
force password attacks.

There are 3 scripts:
ssh_brute_finder - check logfiles for ssh brute force attacks, and if
	they have compromised an account
long_running_apache - detects processes spawned by apache that have been
	running for too long
daemon_monitor - finds unknown daemons, as well as telling you if a
	system daemon dies

You can grab them from http://www.netsoc.tcd.ie/~bbrazil/code/brmon/
They have been tested on Debian Sarge and Solaris 8.

Brian

-- 
Website: http://www.netsoc.tcd.ie/~bbrazil

More information about the ILUG mailing list
Read this without the formatting.
                                                                                                    

  

Hosted by HEAnet


 Maintained by the ILUG website team. The aim of Linux.ie is to support and help commercial and private users of Linux in Ireland. You can display ILUG news in your own webpages, read backend information to find out how. Networking services kindly provided by HEAnet, server kindly donated by Dell. Linux is a trademark of Linus Torvalds, used with permission. No penguins were harmed in the production or maintenance of this highly praised website. Looking for the Indian Linux Users' Group? Try here. If you've read all this and aren't a lawyer: you should be!
RSS Version
Powered by Dell