Linux Today: Linux News On Internet Time.


Kernel Developers Share Security Tips

Oct 07, 2011, 15:02
(Other stories by Joe Brockmeier)

[ Thanks to Amy Newman for this link. ]

"Kroah-Hartman also recommends inspecting systems using a live CD and scanning through logs looking for 'mysterious' messages like programs trying to touch /dev/mem.

"Willy Tarreau also contributed several suggestions, like checking to see that connections between local machines are expected. Tarreau advises users to grep /var/log/messages specifically for 'sshd' and to look for the string 'Invalid user' coming from internal machines.

"Tarreau notes that outgoing SMTP requests are also suspect. 'If one machine suddenly tries to send mails directly to outside, it might be someone trying to steal some data' such as SSH keys, said Tarreau."
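
The sshd check described in the excerpt above, as an added example that is not part of the article: it counts 'Invalid user' lines per source address and keeps only internal sources. It assumes "internal" means the RFC 1918 IPv4 ranges and the classic syslog line layout; the function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the article). Assumption: "internal" = RFC 1918 IPv4 ranges.

# Print "count source-ip" for sshd "Invalid user" lines whose source is internal.
internal_invalid_users() {
    grep 'sshd' "$1" | awk '
        /Invalid user/ {
            ip = ""
            # Use the token after the LAST "from", so a user literally named
            # "from" and the newer "... from IP port N" layout both work.
            for (i = 1; i < NF; i++) if ($i == "from") ip = $(i + 1)
            if (ip !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) next
            split(ip, o, ".")
            if (o[1] == 10 || (o[1] == 172 && o[2] >= 16 && o[2] <= 31) ||
                (o[1] == 192 && o[2] == 168)) hits[ip]++
        }
        END { for (ip in hits) print hits[ip], ip }' | sort -k1,1nr -k2,2
}

# Constructed sample lines in classic syslog format (not real log data).
sample_log() {
    cat <<'EOF'
Oct  7 14:01:12 web1 sshd[2211]: Invalid user admin from 10.0.3.17
Oct  7 14:01:15 web1 sshd[2213]: Invalid user oracle from 10.0.3.17 port 40112
Oct  7 14:02:40 web1 sshd[2290]: Invalid user test from 203.0.113.9
Oct  7 14:03:02 web1 sshd[2301]: Accepted publickey for deploy from 192.168.1.20 port 51514 ssh2
Oct  7 14:03:30 web1 sshd[2310]: Invalid user from from 192.168.1.44
Oct  7 14:04:00 web1 cron[2400]: Invalid user note from 10.9.9.9
Oct  7 14:05:11 web1 sshd[2411]: Invalid user git from 172.32.0.5
EOF
}

# With a readable log file as argument, scan it; otherwise run on the sample.
if [ -n "${1:-}" ] && [ -r "$1" ]; then
    internal_invalid_users "$1"
else
    tmp=$(mktemp) && sample_log > "$tmp" && internal_invalid_users "$tmp"
    rm -f "$tmp"
fi
```

On the sample, only 10.0.3.17 and 192.168.1.44 are reported: the external source, the successful login, the non-sshd line and the address just outside 172.16.0.0/12 are all dropped.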
