[clug] Security: RoundCube Webmail Exploit
Peter Barker
pbarker at barker.dropbear.id.au
Sat Apr 25 05:03:11 GMT 2009
On Sat, 25 Apr 2009, Andrew Janke wrote:
>> I use mon[1] on that server to monitor some key processes. Does anyone
>> know how to configure mon to monitor CPU load or an abnormal number of
>> running processes owned by root / www-data and the like?
>
> Or on this note a more general root-kit "scanner" for web-connected machines?
I prefer to think of them as "internet-connected" :-P
I've had "rkhunter" installed for a while. Can't say I'm impressed - it
hasn't picked *anything* up yet :) Seriously, I can't say it works or not
- but better to have it, really.
There's also "chkrootkit", which can be run periodically.
snort is also legendary - I run it on my firewall. Tends to be somewhat
verbose, but I think it's worth the pain.
> a
Yours,
--
Peter Barker | Programmer,Sysadmin,Geek.
pbarker at barker.dropbear.id.au | You need a bigger hammer.
:: It's a hack! Expect underscores! - Nigel Williams
More information about the linux
mailing list