
Re: [cobalt-users] Installing SSH2, IPChains, Portsentry, Logcheck, Tripwire, Chkrootkit, Lionfind, Whois, lcap and more



>
> ______________________
> Installing LCAP (keeps kernels from being loaded):
> # wget http://owned.lab6.com/~gossi/RaQ-security/files/lcap-0.0.3-2.i386.rpm
> # rpm -iv lcap-0.0.3-2.i386.rpm
> Check to see that everything is okay:
> # /sbin/lcap CAP_SYS_MODULE
> If you get no errors, add it to the /etc/rc.d/rc.local file.
> Reboot the server.
> ***From Gossi on the security list***
> Basically, that stops loadable kernel modules from being inserted into the
> kernel once the command is run (i.e. at boot). So if somebody breaks in and
> tries to load up something like adore, knark (or one of the other various
> Linux Kernel Module rootkits) they won't be able to, without forcefully
> removing lcap (which requires removing the line from rc.local and
> rebooting the RaQ, which is easily noticeable).
> ***************************

Carrie

How did you get around the emails sent to admin about every 10 minutes after
you installed LCAP that say:

Subject: Cron <root@raq>    /sbin/rmmod -as

rmmod: Operation not permitted

Mike
>
> -----------------------------------
> Install Chkrootkit:
> # wget ftp://ftp.pangeia.com.br/pub/seg/pac/chkrootkit.tar.gz
> # gunzip chkrootkit.tar.gz
> # tar -xvf chkrootkit.tar
> # cd chkrootkit-0.31
> # make clean
> # make
> # ./chkrootkit
> If you've got Portsentry installed you'll probably get a false
> positive on bindshell, tcp port 31337. Also the 'z2' will report that
> the last log entry may be corrupted. See www.chkrootkit.org for more
> info, or for more in-depth commands.
>
> ____________________
> Install LionFind:
> # wget http://www.ists.dartmouth.edu/IRIA/knowledge_base/tools/lionfind-0.1.9.tar.gz
> # tar -xzvf lionfind-0.1.9.tar.gz
> # cd lionfind-0.1.9
> # ./lionfind
>
> _____________________
> Install Whois:
> # wget ftp://rpmfind.net/linux/redhat/7.0/en/os/i386/RedHat/RPMS/whois-1.0.3-2.i386.rpm
> # rpm -iv whois-1.0.3-2.i386.rpm
>
> Test it by typing in a domain name that you know:
> # whois yahoo.com
>
>
>
> _______________________________________________
> cobalt-users mailing list
> cobalt-users@xxxxxxxxxxxxxxx
> To Subscribe or Unsubscribe, please go to:
> http://list.cobalt.com/mailman/listinfo/cobalt-users
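Added example, not from either poster: the quoted lcap step removes CAP_SYS_MODULE from the kernel's capability bounding set, and the cron failure Mike reports is the direct consequence (rmmod needs that capability too). The script below shows how to verify the state from /proc and how to find the cron entries that will keep failing. It assumes a kernel new enough to report a CapBnd line in /proc/<pid>/status (the RaQ's 2.2 kernel used /proc/sys/kernel/cap-bound instead); the crontab and status file it reads are constructed samples, including the "*/10 * * * * root /sbin/rmmod -as" entry, which is an assumption about what a Red Hat-era cron.d file looked like.

```shell
#!/bin/sh
# Added example (not part of the original thread).
# 1) cap_in_mask / module_loading_allowed: is CAP_SYS_MODULE still in a
#    process's capability bounding set?  After "lcap CAP_SYS_MODULE" has run,
#    the answer should be "no" for every process, root included.
# 2) rmmod_cron_count: how many live cron entries call rmmod and will start
#    mailing "rmmod: Operation not permitted" every run once the cap is gone.
# Assumption: CapBnd line in /proc/<pid>/status (2.6-or-later kernels).

CAP_SYS_MODULE=16   # capability bit number from <linux/capability.h>

# cap_in_mask HEXMASK CAPNUM -> prints yes/no (unknown if the mask is empty)
cap_in_mask() {
    mask=$1; cap=$2
    [ -n "$mask" ] || { echo unknown; return 0; }
    if [ $(( (0x$mask >> $cap) & 1 )) -eq 1 ]; then echo yes; else echo no; fi
}

# cap_bnd_mask [STATUSFILE] -> prints the CapBnd hex mask of a process
cap_bnd_mask() {
    awk '/^CapBnd:/ { print $2 }' "${1:-/proc/self/status}"
}

# module_loading_allowed [STATUSFILE] -> yes/no for that process's bounding set
module_loading_allowed() {
    cap_in_mask "$(cap_bnd_mask "$1")" "$CAP_SYS_MODULE"
}

# rmmod_cron_count CRONFILE -> number of uncommented lines that run rmmod
rmmod_cron_count() {
    awk '!/^[[:space:]]*#/ && /rmmod/ { n++ } END { print n + 0 }' "$1"
}

# Constructed sample inputs so the script runs offline.
SAMPLE_CRON=$(mktemp)
SAMPLE_STATUS=$(mktemp)
trap 'rm -f "$SAMPLE_CRON" "$SAMPLE_STATUS"' EXIT

# Constructed crontab: the rmmod sweep is an assumed Red Hat-era cron.d entry.
cat > "$SAMPLE_CRON" <<'EOF'
# constructed sample crontab
*/10 * * * * root /sbin/rmmod -as
01 * * * * root run-parts /etc/cron.hourly
EOF

# Constructed status file: full bounding set with bit 16 (CAP_SYS_MODULE) cleared.
printf 'Name:\tcron\nCapBnd:\t000001fffffeffff\n' > "$SAMPLE_STATUS"

echo "sample cron process may load modules: $(module_loading_allowed "$SAMPLE_STATUS")"
echo "this shell may load modules:          $(module_loading_allowed)"
echo "rmmod cron entries in sample:         $(rmmod_cron_count "$SAMPLE_CRON")"
```

The mask arithmetic is plain POSIX shell: bit 16 of 000001ffffffffff is set, bit 16 of 000001fffffeffff is not, which is exactly the difference lcap CAP_SYS_MODULE makes. Any entry rmmod_cron_count finds is a job to disable (or move ahead of the lcap line in rc.local) rather than a sign that lcap is misbehaving.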