[Owasp-Malaysia] investigate A Linux Compromise

Ang Chin Han ang.chin.han at gmail.com
Mon Dec 20 23:46:14 EST 2010

Installing fail2ban on publicly accessible servers is probably a Good Thing
as well, and would have saved someone some headaches.

Afaik, though, you have to compile fail2ban for sles9. All others just a
apt-get install fail2ban or yum install fail2ban away.

Ideally you have alternate ports or port knocking for ssh, but sometimes it
isn't possible when you to access the box from behind a firewall.

P.S. Keeping old unsupported distros running for sentimental and uptime
reasons is.... silly.

/me ಠ_ಠ

On Mon, Dec 20, 2010 at 10:51 PM, Harisfazillah Jamel <
linuxmalaysia at gmail.com> wrote:

> Team,
> Found this
> http://www.linuxquestions.org/questions/linux-security-4/server-infected-with-scanssh-pscan2-sshf-823263/
> and more sites that I should share with everybody
> http://sites.google.com/site/zenarstudio/home/kb/linux---howto---investigate-a-linux-compromise
> http://web.archive.org/web/20080109214340/http://www.cert.org/tech_tips/intruder_detection_checklist.html
> That all for now....
> _______________________________________________
> Owasp-Malaysia mailing list
> Owasp-Malaysia at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-malaysia
> OWASP Malaysia Wiki
> http://www.owasp.org/index.php/Malaysia
> OWASP Malaysia Wiki Facebook
> http://www.facebook.com/pages/OWASP-Malaysia-Local-Chapter/295989208420
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-malaysia/attachments/20101221/55b5c768/attachment.html 

More information about the Owasp-Malaysia mailing list