Keep Your Unix-Based System Safe This Summer (Part 2)

System monitoring is the most important method for detecting all kinds of Trojans, viruses and any malicious activities on the system.

Maintaining control over file integrity can be achieved by installing Tripwire, which detects changes on each system on which it is installed, checks the integrity of the normal binaries, reports any changes to syslog or by email, and alerts users to intrusions and unexpected changes; its source code is available.

After installing Tripwire (using the command: $ sudo apt-get install tripwire) you will need to answer some questions regarding the configuration, and at the end you need to enter a password of at least 8 characters (twice).

The script generates keys for your site (host) and then asks you to enter a password (twice) for local use. You should then back up and delete the original plain-text files installed on the system.

The developers have made an appropriate policy for all files and configurations, but if you need to update or change something you can make the change in the file /etc/tripwire/tw.pol.

Tripwire creates a database containing a snapshot of your file system; it uses this baseline, along with the encrypted configuration and policy settings under the /etc/tripwire directory, to monitor the status of your system.

Now you can perform a test scan:

$ tripwire --check

The check runs on a daily basis and reports all changes, including those from normal, permitted tasks such as editing system configuration files or installing packages; all reports on the changed files are sent to root by email.
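To show what the baseline-and-check cycle above actually does, here is an added example (not from the original post and not Tripwire's own code): a minimal file-integrity snapshot and check in the spirit of tripwire --init and tripwire --check. It assumes GNU coreutils (sha256sum, find, sort) and file names without whitespace; the function names and the sample tree are this example's own.

```shell
#!/bin/sh
# Added example: a minimal file-integrity baseline and check. A baseline
# stores one sha256 per regular file; the check reports files that were
# modified, added or removed since that snapshot and exits non-zero, which
# is what a daily cron wrapper would test before mailing root.
# Assumptions: GNU coreutils and file names without whitespace.

snapshot() {
    # $1 = directory. Prints "hash  ./relative/path", sorted by path.
    (cd "$1" && find . -type f -exec sha256sum {} + | LC_ALL=C sort -k2)
}

fim_init() {
    # $1 = directory to baseline, $2 = baseline file. Keep the baseline
    # read-only or off the host, as Tripwire keeps its signed database.
    snapshot "$1" > "$2"
}

fim_check() {
    # $1 = directory, $2 = baseline. Prints one line per change and
    # returns 1 if anything differs, 0 if the tree still matches.
    current=$(mktemp) || return 2
    snapshot "$1" > "$current"
    changes=0
    while read -r hash path; do                 # every baseline entry
        new=$(awk -v p="$path" '$2 == p {print $1}' "$current")
        if [ -z "$new" ]; then echo "REMOVED  $path"; changes=1
        elif [ "$new" != "$hash" ]; then echo "MODIFIED $path"; changes=1
        fi
    done < "$2"
    while read -r hash path; do                 # entries with no baseline
        known=$(awk -v p="$path" '$2 == p {c++} END {print c+0}' "$2")
        if [ "$known" -eq 0 ]; then echo "ADDED    $path"; changes=1; fi
    done < "$current"
    rm -f "$current"
    return $changes
}

fim_demo() {
    # Constructed demo: baseline a tiny tree, then tamper with it.
    tree=$(mktemp -d); base=$(mktemp)
    mkdir -p "$tree/etc"
    printf 'PermitRootLogin no\n' > "$tree/etc/sshd_config"
    printf 'root:x:0:0\n' > "$tree/etc/passwd"
    fim_init "$tree" "$base"
    printf 'PermitRootLogin yes\n' > "$tree/etc/sshd_config"   # modified
    printf 'unexpected\n' > "$tree/etc/extra.conf"              # added
    rm "$tree/etc/passwd"                                       # removed
    if fim_check "$tree" "$base"; then rc=0; else rc=$?; fi
    rm -rf "$tree" "$base"
    return $rc
}

fim_demo && echo "tree matches baseline" || echo "changes detected; report to root"
```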

The final three points are:

* Keep track of all access accounts; all important system configuration files should be readable and writable only by root. Your home directory should be accessible only by you (600).
* Do not place users in many groups, because group membership gives users special access to the files and directories permitted to that group (such as operator, audio, etc.); this can create a hole and give a user a special privilege that is not needed.
* Root privileges should be used only when they are really required. There is no need to run commands as root; if you really need to install or manipulate something, use sudo.

So make sure to apply all these security rules for a safe 2010 Summer.


(Picture from Scott Ableman)