Monitor your system for threats with rsec alerts
Aug 24, 2009, 16:33 (0 Talkback[s])
(Other stories by Vincent Danen)
"In light of that, rsec was forked from msec and stripped
everything from msec beyond the reporting capabilities. Rsec was
first introduced in the Annvix distribution and is available for
any Linux system; packages for CentOS and Red Hat Enterprise Linux
are available from the Annvix RHEL YUM Repository.
"When you install the rsec package, it creates the
/etc/security/rsec.conf configuration file where you can enable and
disable any checks that you want. The file is heavily commented so
configuration is simple. Rsec can also use rkhunter (scans for
rootkits) in its reporting by enabling the CHECK_RKHUNTER test;
this runs rkhunter and includes its output in the reports."