15. Watch for Changes
Install a package that reports changes to configuration files and other
critical files (executables and shells). Several packages are available
to do this.
- ASET
  - ASET is a SUN package for Solaris (SUNWast). It's fairly good, but the
    SUN security experts recommend against using it. The reason for this
    was not obvious from the message. Based on this, I wouldn't use it.
- Axe Handle
  - This is a set of scripts that I created. Their purpose is to look for the
    results of a successful intrusion. This tool examines files and network
    status. These scripts are available for use under the GNU Public License.
- COPS
  - This tool was developed at Purdue University. It primarily searches for
    new security problems in a system, but is also useful in securing a system
    initially.
- Tripwire
  - Tripwire is the most frequently used intrusion detection tool. It is
    available in both commercial and freeware versions.
For those with a bit less paranoia (or a bit more scripting / programming
skill), a simple set of scripts could be constructed to perform similar functions.
I have done this, and found that it only takes a few hours to create a rather
flexible, and powerful, tool. The advantage provided is that you will know exactly
how it works.
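
A minimal sketch of such a home-grown change checker, added here as an example (it is not the author's Axe Handle scripts or any of the packages listed above). The function names, the JSON baseline format and the choice of SHA-256 are assumptions made for this illustration: it records a baseline of hash, permissions and ownership for the watched files, then reports anything added, removed or altered, and flags files that have gained a setuid/setgid bit.

```python
import hashlib
import json
import os
import stat

SPECIAL = stat.S_ISUID | stat.S_ISGID  # bits that make an executable run privileged

def snapshot(paths):
    """Record hash, mode and owner for every regular file under the given paths."""
    records = {}
    for root in paths:
        if os.path.isfile(root):
            candidates = [root]
        else:
            candidates = [os.path.join(d, f) for d, _, fs in os.walk(root) for f in fs]
        for path in candidates:
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode):
                continue  # skip symlinks, devices and sockets
            with open(path, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            records[path] = {"sha256": digest, "mode": stat.S_IMODE(st.st_mode),
                             "uid": st.st_uid, "gid": st.st_gid}
    return records

def compare(baseline, current):
    """Return (path, finding) tuples, sorted by path, for every difference."""
    findings = []
    for path in sorted(set(baseline) | set(current)):
        old, new = baseline.get(path), current.get(path)
        if old is None:
            findings.append((path, "added"))
        elif new is None:
            findings.append((path, "removed"))
        else:
            for field in ("sha256", "mode", "uid", "gid"):
                if old[field] != new[field]:
                    findings.append((path, field + " changed"))
            if new["mode"] & SPECIAL and not old["mode"] & SPECIAL:
                findings.append((path, "setuid/setgid bit gained"))
    return findings

def save(records, baseline_file):
    with open(baseline_file, "w") as fh:
        json.dump(records, fh, indent=1, sort_keys=True)

def load(baseline_file):
    with open(baseline_file) as fh:
        return json.load(fh)
```

Take the baseline before the system is reconnected, and keep the baseline file somewhere an intruder cannot rewrite it (read-only media or another host); a checker that compares against a baseline stored on the monitored disk can be silenced by updating that file.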
Now, it is time to reconnect your system to the network. All reasonable security
measures have been put in place, along with the appropriate monitoring tools.