Browsing articles tagged with "securityaudit - Admins Goodies"
Oct 16, 2012
tom

How to check which process/utility/cron created/modified a file/folder in Linux

I have a folder on server, which has a website in it. the server has been cutoff from the internet, but after some time, few folders are automatically created in it with some suspicious files inside each of them. I have checked Cron jobs for all users, nothing is running through the Crons. After i tried to check the system calls to folder using Inotify tools, i got this result: ./Lq1Lbs/ MODIFY index.html ./Lq1Lbs/ CLOSE_WRITE,CLOSE […]

Continue Reading »
Apr 24, 2012
tom

Options for PCI-DSS on AWS – file integrity monitoring and intrusion detection

I need to deploy some file integrity monitoring and intrusion detections software on AWS instances. I really wanted to use OSSEC, however it does not work well in an environment where servers can auto deploy and shut down based on load, because it requires server managed keys to be generated. Including the agent in the AMI will not allow monitoring as soon as it comes up because of that. There are many options out there, […]

Continue Reading »
Feb 28, 2012
tom

Securing the network: IP conflicts and it’s solutions

Today I found out that I don’t know how to fix IP conflicts. Say you have a server with IP1 another machine connects and assigns itself IP1. How do people usually prevent this? How they(you) resolve? I heard that usually it is secured by ROUTER. Is that correct? And it is the only way? UPDATE: My question was about the situations when some user just assigns server IP to itself and that would cause problems. […]

Continue Reading »
Feb 2, 2012
tom

Turn on file auditing on network share in server 2008 r2

I have a server running 2008 R2 , is there a role / function on this that can be added / enabled that audits file access. e.g user1 deleted this folder, this file was edited by user2 etc. I have been having problems with some staff deleting folders in a public drive (I don’t know if by accident or on purpose), but everyone seems to deny all knowledge of it, so I would like to […]

Continue Reading »
Aug 25, 2011
tom

Tools for conducting a Security Audit / Probe

What are some good tools to run tests validating a Windows server Web & DB server is properly secure? Are there any tools which are comprehensive and will scan for all the popular known vulnerabilities? Nikto is a good tool. Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 3500 potentially dangerous files/CGIs, versions on over 900 servers, and version specific problems on […]

Continue Reading »
Aug 25, 2011
tom

How do I know if my Linux server has been hacked?

What are the tell-tale signs that a Linux server has been hacked? Are there any tools that can generate and email an audit report on a scheduled basis? Keep a pristine copy of critical system files (such as ls, ps, netstat, md5sum) somewhere, with an md5sum of them, and compare them to the live versions regularly. Rootkits will invariably modify these files. Use these copies if you suspect the originals have been compromised. aide or […]

Continue Reading »
Aug 23, 2011
tom

Server security auditing tools for both windows and *nix servers

When we deploy a new server currently we do a Nessus scan on the sever from inside the firewall and we do a firewall audit to verify that only the desired ports are open on the firewall (since we do occasionally recycle IP addresses). What are you doing in your organization? Do you think it is enough? What would you be doing if you could? Never, ever rely on one tool. Nessus is a good […]

Continue Reading »
Aug 23, 2011
tom

Changing pam.d/system_auth?

I’m trying to change pam.d/system_auth to help with password complexity as required by an audit. I’m not familiar with PAM, but the system_auth file says This file is auto generated User changes will be destroyed the next time authconfig is run. Is there a proper way to edit permanent changes into system_auth rather than simply editing or am I misunderstanding the warning? All I need to do is add some simple tally’s and minlen, dcredit, […]

Continue Reading »
Aug 23, 2011
tom

Best way to find the computer a user last logged on from?

I am hoping that somewhere in Active Directory the “last logged on from [computer]” is written/stored, or there is a log I can parse out? The purpose of wanting to know the last PC logged on from is for offering remote support over the network – our users move around pretty infrequently, but I’d like to know that whatever I’m consulting was updating that morning (when they logged in, presumably) at minimum. I’m also considering […]

Continue Reading »
Aug 22, 2011
tom

Auditing Windows Server security

Inspired by this question: What tools are available to audit security on an existing Windows server, say Windows 2003, for my case, but what else, for which Windows Server version? What can I do to test the existing protections on the network? I’m looking for tools that can identify configuration errors, common and less common flaws, known issues, antivirus tools, any tool at all that can help identify and fix problems in the server. Extra […]

Continue Reading »
Pages:12»