A shell script question
stevens at manhattan.lib.ks.us
stevens at manhattan.lib.ks.us
Tue Feb 24 06:52:39 CST 2004
I played around with snort a bit. I dont' know if that is what you are
looking for. It is a packet sniffer that logs suspicious things. There are
default rules that help it spot things, of course you can modify it.
www.snort.org
It's not a script of course.
-Steven
>
>> On Mon, 2004-02-23 at 16:21, Brian Densmore wrote:
>>> I'm looking to write a little shell/perl/python
>>> script to run on my server 24/7 looking for attackers.
>>
>> I dunno about hiding things from view -- I mean, "ps"
>> is easy to edit the source of to leave stuff out and
>> then recompile and replace, but to do this on your
>> own box is suspicious. You could run
>>
>> netstat -tncp
>>
>> into a p* program that constantly verifies that
>> only what is there is supposed to be there. Setting up
>> firewall rules would be stronger though.
>>
>>
>
>
More information about the Kclug
mailing list