Computer News & Safety – Harry Waldron

Network Vulnerability Analysis – Linux and Unix audit tools

All computers and applicable devices in a corporate environment should be checked periodically through a security audit process using appropriate tools. Some good resources for auditing Linux and UNIX operating systems are shared below.

https://isc.sans.edu/forums/diary/Quick+Audit+of+NIX+Systems/20771/

https://blog.sucuri.net/2016/02/investigating-a-compromised-server-with-rootcheck.html

If you think that only computers running Microsoft Windows are targeted by attackers, you’re wrong! UNIX (used here as a generic term, not focusing on a specific distribution or brand) is a key operating system on the Internet. Many websites and other public services are relying on it (Netcraft is compiling interesting stats on this topic). UNIX web servers are constantly visited by bots which are looking for vulnerabilities. When new ones are discovered, it never takes a long time to see new scanners crawling the net.

Therefore, it is mandatory to keep an eye on your servers by using proactive and reactive controls. Besides the classic monitoring of log files, reactive security controls may include a deeper check at the operating system level to look for suspicious activity like processes, files, … On the proactive side, misconfigurations must also be tracked. A few days ago, Daniel Cid published an interesting article about the tool “rootcheck”. It is a component of the well-known OSSEC suite, but a standalone version exists. To use it, just follow those simple steps …
