On Monday, 22 October 2007 23:48, Dave Burns wrote:
> Exactly. So there are three contexts in which you are using the tools:
>
> 1) Not sure you've been hacked, just suspicious or vigilant.
> 2) Sure you've been hacked, have not yet rebooted, looking for information.
> 3) Sure you've been hacked, rebooted using a CD (e.g. knoppix) or
> other known-good /.
>
> In situation 1 and 2, you can't totally trust your tools, unless
> they're giving you bad news. In situation 3 you can trust the tools
> as much as you can trust the "known-good /" where they are located. So
> you're never totally sure you're in the clear.

Well, in case 2, you'd not be 100% confident; rootkits are there and they might have installed one on your system, so let's start to doubt :)

> I guess the truly paranoid might boot from a CD and do an audit
> periodically, I guess that might make me feel pretty confident. Hard
> to automate it (and may open up new vulnerabilities), no one wants it
> happening during ordinary working hours, and I don't want to be doing
> it by hand outside ordinary hours. Yuck.

Good point, that's totally crazy in production environments.

> > To evaluate my general system security I use babel
>
> Is that comparable to nagios, or more security oriented?

Well, I'm one of the main developers of Babel, so don't take this as spam, it fits perfectly in this scenario. It's security oriented: Babel performs a security level check of the machine, or hardening. The check consists of a number of auditing tests that obtain a snap of the security status of each machine. The result is a security index of the system that is given after each execution.

Just totally off-topic, I'm just curious, Dave, do you speak Spanish?

Regards!!

Manuel
--
Manuel Arostegui Ramirez.
Electronic Mail is not secure, may not be read every day, and should not be used for urgent or sensitive issues.