> Another crack imperfection was that it generated strange messages
> in the log files which led to the attack's discovery. It turns out
> that one of the system administrators became uneasy as he was
> looking through the log files of one of his machines.

Note that a simple log checking program might have resulted in much quicker detection. Unless the attacker was clever enough to disable outgoing mail (and then clean the logs). Then you would need remote logging (as available with syslog-ng), with the log checker running on the logging server (and the logging server needs to be the most secure server, e.g. only accessible to a few individuals who run very secure workstations).

-scott
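
A minimal log checker of the kind the comment describes, meant to run on the central log server, as an added example that is not part of the original comment. Since "strange" messages cannot be listed in advance, it reports every line that matches no known-routine pattern, grouped by sending host; the patterns, host names and sample lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed patterns for messages considered routine (assumption: each
# site maintains its own list; anything not listed here gets reported).
ROUTINE = [re.compile(p) for p in (
    r"^sshd\[\d+\]: Accepted publickey for \w+ from [\d.]+ port \d+",
    r"^CRON\[\d+\]: \(\w+\) CMD \(.*\)$",
    r"^syslog-ng\[\d+\]: Log statistics;",
)]

# BSD-syslog style line: "Mon DD HH:MM:SS host program[pid]: message"
LINE = re.compile(r"^(\w{3} [ \d]\d \d\d:\d\d:\d\d) (\S+) (.*)$")


def unusual_lines(lines):
    """Return {host: [messages]} for every line matching no routine pattern."""
    report = defaultdict(list)
    for raw in lines:
        text = raw.rstrip("\n")
        m = LINE.match(text)
        if not m:
            # A line that does not even parse is itself worth a look.
            report["(unparsed)"].append(text)
            continue
        _, host, msg = m.groups()
        if not any(p.search(msg) for p in ROUTINE):
            report[host].append(msg)
    return dict(report)


# Constructed sample of what a central log server might receive.
SAMPLE = [
    "Jan 12 03:10:01 web1 CRON[2211]: (root) CMD (run-parts /etc/cron.hourly)",
    "Jan 12 03:11:47 web1 sshd[2290]: Accepted publickey for alice from 192.0.2.10 port 50122 ssh2",
    "Jan 12 03:12:05 db1 kernel: device eth0 entered promiscuous mode",
    "Jan 12 03:15:00 db1 syslog-ng[120]: Log statistics; processed='center(queued)=42'",
    "garbage without timestamp",
]

if __name__ == "__main__":
    for host, msgs in unusual_lines(SAMPLE).items():
        for msg in msgs:
            print(f"{host}: {msg}")
```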
Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds