How do I check if someone attempted to hack my server or not?
I run RHE server, and let's say that I want to check to see if someone attempted to hack my server or not everyday. What do I need to do? What do I need to check?
|
yetanotherfcw sorry about getting back to you late on this one. Some how I over looked this post. The fist thing you would want to do is install RKHunter and CHKRootKIt. Another thing you want to do is check the bash history of root. And make sure theres nothing funny there. After you install RKHunter and CHKRootKIt run them and make sure nothing funny pops up. Also make sure you check over your daily LogWatch and look for anything funny.
|
How difficult is it to install RKHunter and CHKRootKIt? Also should I install both?
... and is LogWatch an application? |
They are both easy to install, I would run both. Logwatch runs daily chech the root mail folder, I bet its full. Thats where logwatch reports every night.
http://www.eth0.us/rkhunter <------rkhunter install guide http://www.webhostgear.com/25.html <----- chkrootkit install guide |
RKHunter is very easy to install... as is chkrootkit
|
All times are GMT -5. The time now is 08:17 AM. |
Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
HTML Help provided by HTML Help Central.