Hi all
Is there a way I can detect and monitor backdoors that may be present on a system? I want to see how users can come in and if possible log their IPs and ban them from the system altogether.

Also, is there a way other than cron and at to have a script start off a program? I can see a process coming up but cannot find out how it is starting up again and again.

Much appciated....


KS

One way - It could be in the init file - look at /etc/inittab - entries can be added to respawn when a process dies.

If you don't have an inittab, post the OS you are using.

Back doors in several cases are programming errors,
the most common reaction is the corrective reaction.
My suggestion is to disable all services that you don't use.

There are several programs to check if you have the
latest patches in your system, some freewares and
others no.

In the last category I prefer ESM (Enterprise Security
Manager from Symantec _previusly from axent_), but there
are severals for example the SAFEsuite has more integration.
These tools are multiplatform and centralized.

In the other hand depend on your OS.


Please POST your OS an the program name.

Regards. Hugo.

My OS is Redhat Linux 7.3. The respawnning process is vbox.

If you are using ISDN or GTK is normal.

If ISDN look at /etc/isdn

Regards. Hugo.

no, not using GTK or ISDN? What are they used for? I did see /etc/isdn and am looking into it at the moment.

If you're not using isdn, you can uninstall the isdn* RPMs.
vbox is the name of a program included with ISDN utilities.