Intrusion detection system principles and practice (3)
From;    Author:Stand originally









Login activity monitoring
Even when network administrators have done their best and installed the latest IDS, an intruder may still break into the system using a method that cannot be detected. One important way this happens is that the intruder has obtained user passwords with common tools, including sniffers, and can log on to the system legitimately.
One of the tasks of a product such as HOSTSENTRY is to look for unusual operations on the system: it monitors users' login and logout attempts, and alerts the system administrator to any of these activities that are abnormal or unexpected.

Monitoring root activity
The intruder's ultimate goal is to gain root privileges on the compromised host. If a web server is well planned, the root user should rarely perform any operations outside a small number of scheduled maintenance windows. In practice, root users seldom do maintenance according to plan and instead do it whenever they find time. Even so, an intruder is very likely to do something at an unusual time or from an unusual location.
One more line of defence is therefore needed: monitoring every operation of the root user or system administrator. Many UNIX systems allow all of a user's operations, including logins, to be recorded, and tools such as LOGCHECK can monitor these log entries and bring them to the network administrator's attention.
If an open-source operating system is used, network administrators have one option: improving the kernel. How to do so is beyond the scope of this article; after all, there are plenty of such resources on the Internet.

Monitoring the file system
No matter how good your intentions or how strong your IDS, you cannot guarantee that the system is impregnable. Once it is compromised, the intruder can immediately begin altering system files, or change a few settings to cripple the IDS. (Oh! To master the divine skill, you must first castrate yourself!)
Installing software inevitably changes system settings, and these changes generally show up as changes to system files or libraries.
Programs such as TRIPWIRE, FCHECK and AIDE are designed to detect file changes within the system and report them to the system administrator.
MD5 or another cryptographic checksum method is applied to all system files, and the results are stored in a database; when a file changes, its checksum changes as well.