[clug] DDos attacks using Linux hosts. (the-sky-is-falling now a "thing", according to the Aztec calendar)

Bryan Kilgallin bryan at netspeed.com.au
Thu Sep 8 13:42:16 UTC 2016


Scott:

> Note that
> chkrootkit and rkhunter are not sufficient protection - though a
> properly configured and monitored transparent proxy will detect all but
> the most sophisticated side-channelling.

rkhunter logged these issues.

[23:14:43] Info: Starting test name 'passwd_changes'
[23:14:43]   Checking for passwd file changes                [ Warning ]
[23:14:43] Warning: User 'postfix' has been added to the passwd file.
[23:14:43]
[23:14:43] Info: Starting test name 'group_changes'
[23:14:43]   Checking for group file changes                 [ Warning ]
[23:14:43] Warning: Group 'postfix' has been added to the group file.
[23:14:43] Warning: Group 'postdrop' has been added to the group file.
[23:14:43]   Checking root account shell history files       [ None found ]
[23:14:43]
[23:14:43] Info: Starting test name 'system_configs'
[23:14:43] Performing system configuration file checks
[23:14:43]   Checking for SSH configuration file             [ Not found ]
[23:14:43]   Checking for running syslog daemon              [ Found ]
[23:14:43] Info: Found rsyslog configuration file: /etc/rsyslog.conf
[23:14:43]   Checking for syslog configuration file          [ Found ]
[23:14:43]   Checking if syslog remote logging is allowed    [ Not allowed ]
[23:14:43]
[23:14:43] Info: Starting test name 'filesystem'
[23:14:43] Performing filesystem checks
[23:14:43] Info: SCAN_MODE_DEV set to 'THOROUGH'
[23:14:44]   Checking /dev for suspicious file types         [ None found ]
[23:14:44]   Checking for hidden files and directories       [ Warning ]
[23:14:44] Warning: Hidden directory found: /dev/.udev
[23:14:44] Warning: Hidden file found: /dev/.initramfs: symbolic link to `/run/initramfs'
[23:15:13]
[23:15:13] Info: Test 'apps' disabled at users request.
[23:15:13]
[23:15:13] System checks summary
[23:15:13] =====================
[23:15:13]
[23:15:13] File properties checks...
[23:15:13] Files checked: 133
[23:15:13] Suspect files: 1

-- 
www.netspeed.com.au/bryan/
==========================
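As an added example, not part of the thread, a small parser for the rkhunter log format quoted above: it groups each `Warning:` line under the test that produced it, so a run can be triaged test by test rather than by scanning the raw log. The sample lines are constructed from the output in the post.

```python
import re
from collections import OrderedDict

# Constructed sample, taken from the rkhunter output quoted in the post above.
SAMPLE_LOG = """\
[23:14:43] Info: Starting test name 'passwd_changes'
[23:14:43]   Checking for passwd file changes                [ Warning ]
[23:14:43] Warning: User 'postfix' has been added to the passwd file.
[23:14:43]
[23:14:43] Info: Starting test name 'group_changes'
[23:14:43]   Checking for group file changes                 [ Warning ]
[23:14:43] Warning: Group 'postfix' has been added to the group file.
[23:14:43] Warning: Group 'postdrop' has been added to the group file.
[23:14:43]   Checking root account shell history files       [ None found ]
[23:14:43] Info: Starting test name 'filesystem'
[23:14:44]   Checking for hidden files and directories       [ Warning ]
[23:14:44] Warning: Hidden directory found: /dev/.udev
[23:14:44] Warning: Hidden file found: /dev/.initramfs: symbolic link to `/run/initramfs'
"""

# Every rkhunter log line starts with a [HH:MM:SS] timestamp; the rest is the message.
LINE_RE = re.compile(r"^\[(\d\d:\d\d:\d\d)\]\s*(.*)$")
TEST_RE = re.compile(r"^Info: Starting test name '([^']+)'$")
WARN_RE = re.compile(r"^Warning: (.*)$")


def parse_warnings(log_text):
    """Return an ordered mapping: test name -> list of warning messages.

    Tests that produced no warnings are kept with an empty list so the
    caller can tell "ran clean" apart from "did not run".
    """
    warnings = OrderedDict()
    current = None
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue  # not an rkhunter log line
        body = m.group(2).strip()
        t = TEST_RE.match(body)
        if t:
            current = t.group(1)
            warnings.setdefault(current, [])
            continue
        w = WARN_RE.match(body)
        if w and current is not None:
            warnings[current].append(w.group(1))
    return warnings


def summarize(warnings):
    """Count warnings per test, dropping tests that ran clean."""
    return {name: len(msgs) for name, msgs in warnings.items() if msgs}
```

Each warning still needs a human decision (for instance, checking whether the new `postfix` user and group match a package you installed), but grouping them by test makes it clear which checks need that review.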