[clug] Security: RoundCube Webmail Exploit

Peter Barker pbarker at barker.dropbear.id.au
Sat Apr 25 05:03:11 GMT 2009

On Sat, 25 Apr 2009, Andrew Janke wrote:

>> I use mon[1] on that server to monitor some key processes. Does anyone
>> know how to configure mon to monitor CPU load or an abnormal number of
>> running processes owned by root / www-data and the like?
> Or on this note a more general root-kit "scanner" for web-connected machines?

I prefer to think of them as "internet-connected" :-P

I've had "rkhunter" installed for a while.  Can't say I'm impressed - it 
hasn't picked *anything* up yet :)  Seriously, I can't say it works or not 
- but better to have it, really.

There's also "chkrootkit", which can be run periodically.

snort is also legendary - I run it on my firewall.  Tends to be somewhat 
verbose, but I think it's worth the pain.

> a

Peter Barker                          |   Programmer,Sysadmin,Geek.
pbarker at barker.dropbear.id.au	      |   You need a bigger hammer.
:: It's a hack! Expect underscores! - Nigel Williams

More information about the linux mailing list