[clug] DDos attacks using Linux hosts. (the-sky-is-falling now a "thing", according to the Aztec calendar)
Bryan Kilgallin
bryan at netspeed.com.au
Thu Sep 8 13:42:16 UTC 2016
Scott:
> Note that
> chkrootkit and rkhunter are not sufficient protection - though a
> properly configured and monitored transparent proxy will detect all but
> the most sophisticated side-channelling.
rkhunter logged these issues.
[23:14:43] Info: Starting test name 'passwd_changes'
[23:14:43] Checking for passwd file changes [ Warning ]
[23:14:43] Warning: User 'postfix' has been added to the passwd file.
[23:14:43]
[23:14:43] Info: Starting test name 'group_changes'
[23:14:43] Checking for group file changes [ Warning ]
[23:14:43] Warning: Group 'postfix' has been added to the group file.
[23:14:43] Warning: Group 'postdrop' has been added to the group file.
[23:14:43] Checking root account shell history files [ None found ]
[23:14:43]
[23:14:43] Info: Starting test name 'system_configs'
[23:14:43] Performing system configuration file checks
[23:14:43] Checking for SSH configuration file [ Not found ]
[23:14:43] Checking for running syslog daemon [ Found ]
[23:14:43] Info: Found rsyslog configuration file: /etc/rsyslog.conf
[23:14:43] Checking for syslog configuration file [ Found ]
[23:14:43] Checking if syslog remote logging is allowed [ Not allowed ]
[23:14:43]
[23:14:43] Info: Starting test name 'filesystem'
[23:14:43] Performing filesystem checks
[23:14:43] Info: SCAN_MODE_DEV set to 'THOROUGH'
[23:14:44] Checking /dev for suspicious file types [ None found ]
[23:14:44] Checking for hidden files and directories [ Warning ]
[23:14:44] Warning: Hidden directory found: /dev/.udev
[23:14:44] Warning: Hidden file found: /dev/.initramfs: symbolic link to `/run/initramfs'
[23:15:13]
[23:15:13] Info: Test 'apps' disabled at users request.
[23:15:13]
[23:15:13] System checks summary
[23:15:13] =====================
[23:15:13]
[23:15:13] File properties checks...
[23:15:13] Files checked: 133
[23:15:13] Suspect files: 1
--
www.netspeed.com.au/bryan/