nagios monitoring for hack

Andrew Davis nccomp at gmail.com
Tue Jun 9 15:30:24 CEST 2009


I'd look into the various hardening and monitoring tools available 
(Bastille, Tripwire, chroot, etc). There are different tools for different 
purposes, obviously. We chroot all our BIND and Apache stuff. Bastille 
is great for hardening the environment. Tripwire monitors for changes to 
key files. Each program has its own logging mechanisms. So once you have 
your tool in place, you can use Nagios to watch the log file(s) and 
generate alerts based on keywords (ALERT, WARN, CRIT, etc). You can also 
dump your logs to an alternate server and have Nagios watch them from 
there, but in the case of a DDoS attack, your bandwidth may be affected 
for remote syslog and/or Nagios network checks.

  A. Davis
  Email:     nccomp at gmail.com

  "There is no limit to what a man can accomplish
   if he doesn't care who gets the credit." - Ronald Reagan



shadih rahman wrote:
> our web sites got hacked and we were subjected to ddos for the last few 
> days.  I wanted to know what can I do for monitoring to find out if I 
> am hacked or not.  By the way, we were hacked by php exploits.  Please 
> advise on this.  Thanks
>
> -- 
> Cordially,
> Shadhin Rahman
> _______________________________________________
> Nagios-users mailing list
> Nagios-users at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/nagios-users
> ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. 
> ::: Messages without supporting info will risk being sent to /dev/null
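
The log-watching approach described in the reply above, as an added example that is not part of the original message or of Nagios itself: a plugin-style check that scans only the lines appended since its last run and maps the keywords to plugin exit codes. The function names, the state file, the keyword-to-state mapping and the sample lines are assumptions made for illustration.

```python
import os
import re
import sys
import tempfile

# Nagios plugin exit codes; the keyword mapping in RULES is an assumption.
OK, WARNING, CRITICAL, UNKNOWN = 0, 1, 2, 3
LABEL = ("OK", "WARNING", "CRITICAL", "UNKNOWN")
RULES = [(re.compile(r"\b(?:ALERT|CRIT)\b"), CRITICAL), (re.compile(r"\bWARN\b"), WARNING)]
# Constructed sample lines, not taken from a real system.
SAMPLE = "09:01 filecheck: WARN index.php changed\n09:02 httpd: CRIT load high | clients=256\n"

def check_log(log_path, state_path):
    """Scan lines appended since the previous run; return (exit_code, status_text)."""
    try:
        try:
            with open(state_path) as fh:
                offset = int(fh.read().strip() or 0)
        except (OSError, ValueError):
            offset = 0  # first run or unreadable state: scan the whole file
        if offset > os.path.getsize(log_path):
            offset = 0  # file shrank, so it was rotated or truncated
        worst, hits, shown = OK, 0, "none"
        with open(log_path, "rb") as fh:
            fh.seek(offset)
            for raw in fh:
                if not raw.endswith(b"\n"):
                    break  # half-written line: pick it up on the next run
                offset += len(raw)
                line = raw.decode("utf-8", "replace").strip()
                state = next((s for p, s in RULES if p.search(line)), OK)
                hits += state != OK
                if state > worst:  # "|" starts perfdata, so keep it out of the text
                    worst, shown = state, line.replace("|", "/")
        with open(state_path, "w") as fh:
            fh.write(str(offset))
    except OSError as exc:
        return UNKNOWN, f"UNKNOWN - {exc}"
    return worst, f"{LABEL[worst]} - {hits} new match(es), worst: {shown} | matches={hits}"

def demo():  # checks SAMPLE twice; the second run resumes at the saved offset
    with tempfile.TemporaryDirectory() as tmp:
        log, state = os.path.join(tmp, "app.log"), os.path.join(tmp, "state")
        with open(log, "w") as fh:
            fh.write(SAMPLE)
        return check_log(log, state), check_log(log, state)

if __name__ == "__main__":  # usage: check_log_keywords.py LOGFILE STATEFILE
    code, text = check_log(*sys.argv[1:]) if len(sys.argv) == 3 else demo()[0]
    print(text)
    sys.exit(code)
```

Because the offset is saved after each run, an alert fires once per new matching line rather than on every check interval, and a missing or unreadable log reports UNKNOWN instead of a silent OK.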