Monitor your system for threats with rsec alerts

Aug 24, 2009, 16:33 (0 Talkback[s])
(Other stories by Vincent Danen)

"In light of that, rsec was forked from msec and stripped everything from msec beyond the reporting capabilities. Rsec was first introduced in the Annvix distribution and is available for any Linux system; packages for CentOS and Red Hat Enterprise Linux are available from the Annvix RHEL YUM Repository.

"When you install the rsec package, it creates the /etc/security/rsec.conf configuration file where you can enable and disable any checks that you want. The file is heavily commented so configuration is simple. Rsec can also use rkhunter (scans for rootkits) in its reporting by enabling the CHECK_RKHUNTER test; this runs rkhunter and includes its output in the reports."

Complete Story

Related Stories:

• A Linux security story(Jul 18, 2009)
• Practical password security(Feb 11, 2009)
• How to: Manage Traffic Using Tomato and QoS(Feb 04, 2009)
• sudo: Running a Command with root Privileges(Dec 27, 2008)
• Editor's Note: Instead of Throwing Everyone In Jail, Fix Your Lousy Products(Dec 06, 2008)
• Hardening The Linux Kernel With Grsecurity (Debian)(Nov 20, 2008)
• Turn Linux into Fort Knox: 10 Tools for a Safer Web Server(Oct 10, 2008)
• Make Linux: Harder - Better - Faster(Oct 03, 2008)