Re: [cobalt-users] Rebuilding after Haq

["Fragga" <fragga@xxxxxxxxxxxx>]

hi,

have u got anything left over from before it was cracked ?
like logs, etc as if it was patched to the max would be interesting to see
how they got in...

unless you had a couple of dodgy cgi`s avaialble.

in answer to your questions...

get yourself an IDS like Snort from www.snort.org
auto-logchecker (if your lazy ) from
http://www.psionic.com/products/logsentry.html
portsentry scan detector from
http://www.psionic.com/products/portsentry.html
ipchains from
ftp://rpmfind.net/linux/redhat/6.2/en/os/i386/RedHat/RPMS/ipchains-1.3
tripwire from http://www.tripwire.org/files/rpm3/tripwire-2.3-47.i386.tar.gz

docs available with the downloads.

your going to have to learn to write some rules for IP chains but there are
plenty of pre-written ones available.

dont expect all these things to "secure" your system. they will only add to
getting it more "secure"

g`luck

fragga

----- Original Message -----
From: "Revd leonard payne" <vicarage@xxxxxxxxxxxxxx>
To: <cobalt-users@xxxxxxxxxxxxxxx>
Sent: Friday, July 05, 2002 8:11 AM
Subject: [cobalt-users] Rebuilding after Haq


>
> Thanks folks for your help in advising me what to do after my Raq was
haq'd.
>
> My colo has rebuilt the machine along with SSH and CMU package.
>
> I have a CMU export tar.Z on another machine. and I guess that I can bring
> it across and do an import straight away.
>
> Questions
>
> What should I watch out for ?
>
> Should I install Tripwire first -  where do I get a pkg or whatever?
>
> Should I install portsentry, IPchains, ???  Where can i get them together
> with instructions. I want to have a working system by late Sunday night so
I
> have a little time.
>
> Blessings
>
> Revd Leonard
>
> _______________________________________________
> cobalt-users mailing list
> cobalt-users@xxxxxxxxxxxxxxx
> To Subscribe or Unsubscribe, please go to:
> http://list.cobalt.com/mailman/listinfo/cobalt-users
>