Chapter 9. Testing and Monitoring
To keep your system secure, be proactive: test for security holes and monitor for unusual activity. If you don’t keep watch for break-ins, you may wake up one day to find your systems totally hacked and owned, which is no party.
In this chapter we cover useful tools and techniques for testing and monitoring your system, in the following areas:
- Logins and passwords
Testing password strength, locating accounts with no password, and tracking suspicious login activity
- Filesystems
Searching them for weak security, and looking for rootkits
- Networking
Looking for open ports, observing local network use, packet-sniffing, tracing network processes, and detecting intrusions
- Logging
Reading your system logs, writing log entries from various languages, configuring syslogd, and rotating log files
We must emphasize that our discussion of network monitoring and intrusion detection is fairly basic. Our recipes will get you started, but these important topics are complex, with no easy, turnkey solutions. You may wish to investigate additional resources for these purposes, such as:
Computer Incident Advisory Capability (CIAC) Network Monitoring Tools page: http://ciac.llnl.gov/ciac/ToolsUnixNetMon.html
Stanford Linear Accelerator (SLAC) Network Monitoring Tools page: http://www.slac.stanford.edu/xorg/nmtf/nmtf-tools.html
National Institutes of Health “Network and Network Monitoring Software” page: http://www.alw.nih.gov/Security/prog-network.html
Setting Up ...
Get Linux Security Cookbook now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.