Full Discussion: AIDE on RHEL
Operating Systems Linux Red Hat AIDE on RHEL Post 302358905 by pludi on Monday 5th of October 2009 07:35:59 AM
Did you check your crontab(s) for any automatic update jobs? If there are none, you have a few options:
  • Restore those files from the official repository and monitor the system for some time (easy route)
  • If available, connect the system to a switch that can mirror traffic to a monitoring port, connect a second PC to that port and monitor the traffic with tcpdump / wireshark
  • Shut down the system, start with a Live-CD, mount all filesystems read-only and create an image on an NFS/CIFS share using dd. Create at least one copy of that image and keep it in a safe place should you need to hand it over to the authorities. If you want, you can use another copy of it to start in a virtual machine and have it checked by a few virus scanners.
  • For a quick check, copy the files to a safe machine and upload them here. This site will run a few different scanners on the files to check for viruses.

But most important: Don't Panic. As soon as you're sure that the system is safe, disable all unsafe daemons (telnet, ...), and secure any required services (e.g. moving SSH to a different port, requiring public key authentication, setting up iptables, ...)
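
The imaging option from the list above, as an added example that is not part of the original post: it takes the image with dd, makes the second copy, and checks by SHA-256 that both match the source before anything is handed on. The helper name `image_and_verify`, the file naming and the hashing step are assumptions added here; the post itself only calls for dd and a spare copy.

```shell
#!/usr/bin/env bash
# Added example: image a source with dd, keep a second copy, and prove both
# are bit-identical to the source. image_and_verify is a hypothetical helper.
set -u

# image_and_verify SRC DEST_DIR NAME
#   SRC       block device (unmounted or mounted read-only) or file to image
#   DEST_DIR  directory on the mounted NFS/CIFS share
#   NAME      base name for the image files
# Prints the SHA-256 on success; returns non-zero on any failure or mismatch.
image_and_verify() {
    local src=$1 dest=$2 name=$3
    local img="$dest/$name.img" copy="$dest/$name.copy.img"
    local h_src h_img h_copy

    [ -r "$src" ] || { echo "cannot read $src" >&2; return 2; }
    # Never overwrite an image that may already be evidence.
    if [ -e "$img" ] || [ -e "$copy" ]; then
        echo "refusing to overwrite existing image in $dest" >&2
        return 3
    fi

    # conv=noerror is deliberately not used: a read error should stop the
    # run instead of producing a silently padded image.
    dd if="$src" of="$img" bs=1048576 || return 4
    cp -- "$img" "$copy" || return 4
    chmod a-w "$img" "$copy"

    h_src=$(sha256sum < "$src" | cut -d' ' -f1)
    h_img=$(sha256sum < "$img" | cut -d' ' -f1)
    h_copy=$(sha256sum < "$copy" | cut -d' ' -f1)
    if [ "$h_src" != "$h_img" ] || [ "$h_img" != "$h_copy" ]; then
        echo "hash mismatch: source=$h_src image=$h_img copy=$h_copy" >&2
        return 1
    fi

    # Store the hash beside the image so any later copy can be rechecked
    # with: (cd DEST_DIR && sha256sum -c NAME.img.sha256)
    printf '%s  %s\n' "$h_img" "$name.img" > "$dest/$name.img.sha256"
    printf '%s\n' "$h_img"
}

# Usage from the Live-CD with the share mounted (paths are placeholders):
#   image_and_verify /dev/sda /mnt/share host1
```

Work only on the copy (for the virtual machine or the scanners) and leave the first image untouched together with its recorded hash.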