PerlMonks  

(Ozymandias) RE: Emergency Sentry Robot

by Ozymandias (Hermit)
on Sep 11, 2000 at 03:52 UTC ( #31826=note )


in reply to Emergency Sentry Robot

This might have its uses, but it's risky to alert the person that you know they're there. They have a nasty habit of panicking and removing all logs via the "brute force method" - rm -rf *.

For quick security solutions, I find Psionic's freeware products to be excellent utilities for security; they're not perfect, but if you need something fast and accurate, they'll do the job. Even if they are written in Python...

I think especially highly of PortSentry and HostSentry, although HostSentry takes a little longer to set up than PortSentry.

- email Ozymandias

Replies are listed 'Best First'.
RE: (Ozymandias) RE: Emergency Sentry Robot
by Aighearach on Sep 11, 2000 at 05:28 UTC

    Well, in this case I already had log backups of the activity. And, installing a package represented an unknown time period to research the available options, and install that option. It's a testament to the power of Perl that in these situations it can take less time to write a program from scratch than it would likely take to locate and install a free package. Also, and this is just from a quick glance at the links, those products don't offer the functionality that my script does; they detect intruders, but not unauthorized access of private files by somebody with root access. In this case it was the owner of the machine who had tarred and transferred files he didn't have legal access to.

    Anyway, the logs are already multiplexed. ;)

    Paris Sinclair    |    4a75737420416e6f74686572
    pariss@efn.org    |    205065726c204861636b6572
    http://sinclairinternetwork.com
    
      Hey, it's your machine. All I can say is *I* wouldn't do that. Sure, the rm -rf * from / won't destroy the logs if you copy them off. So their immediate purpose is not well served. Umm... so? They've still completely trashed your box.

      Final word on the topic - alerting intruders that you are aware of their presence is a very bad idea. Do so at your own risk, and PLEASE don't try to tell people that it's not.

      - email Ozymandias
        Trashed my box? No, it's their box. And my files. I didn't say it is anything it's not, and I wasn't giving anybody advice. Why are you peeing on my node? Next time read it first.
        Paris Sinclair    |    4a75737420416e6f74686572
        pariss@efn.org    |    205065726c204861636b6572
        http://sinclairinternetwork.com
        