Table of Contents
Advertisement
use netstat -ap or netstat -anp. The -p option allows you to see which
process is occupying a port under which name.
Compare the netstat results with those of a thorough port scan done from outside
your host. An excellent program for this job is nmap, which not only checks out
the ports of your machine, but also draws some conclusions as to which services
are waiting behind them. However, port scanning may be interpreted as an aggressive
act, so do not do this on a host without the explicit approval of the administrator.
Finally, remember that it is important not only to scan TCP ports, but also UDP
ports (options -sS and -sU).
• To monitor the integrity of the files of your system in a reliable way, use the program
AIDE (Advanced Intrusion Detection Environment), available on SUSE Linux
Enterprise. Encrypt the database created by AIDE to prevent someone from tamper-
ing with it. Furthermore, keep a backup of this database available outside your
machine, stored on an external data medium not connected to it by a network link.
• Take proper care when installing any third-party software. There have been cases
where a hacker had built a trojan horse into the tar archive of a security software
package, which was fortunately discovered very quickly. If you install a binary
package, have no doubts about the site from which you downloaded it.
SUSE's RPM packages are gpg-signed. The key used by SUSE for signing is:
ID:9C800ACA 2000-10-19 SUSE Package Signing Key <build@suse.de>
Key fingerprint = 79C1 79B2 E1C8 20C1 890F 9994 A84E DAE8 9C80 0ACA
The command rpm --checksig package.rpm shows whether the checksum
and the signature of an uninstalled package are correct. Find the key on the first
CD of the distribution and on most key servers worldwide.
• Check your backups of user and system files regularly. Consider that if you do not
test whether the backup works, it might actually be worthless.
• Check your log files. Whenever possible, write a small script to search for suspicious
entries. Admittedly, this is not exactly a trivial task. In the end, only you can know
which entries are unusual and which are not.
• Use tcp_wrapper to restrict access to the individual services running on your
machine, so you have explicit control over which IP addresses can connect to a
900
Installation and Administration
Advertisement
Table of Contents
Troubleshooting
Related Manuals for Novell LINUX ENTERPRISE SERVER 10 - INSTALLATION AND ADMINISTRATION 04-08-2006
Related Products for Novell LINUX ENTERPRISE SERVER 10 - INSTALLATION AND ADMINISTRATION 04-08-2006
- NOVELL IDENTITY MANAGER 3.6.1 - UNDERSTANDING POLICIES 05-06-2009
- NOVELL LINUX ENTERPRISE SERVER 10 - ARCHITECTURE-SPECIFIC INFORMATION 08-04-2006
- NOVELL LINUX ENTERPRISE SERVER 10 SP2 - ARCHITECTURE-SPECIFIC INFORMATION 08-05-2008
- NOVELL LOGIN SCRIPTS - 08-2008
- NOVELL OPEN ENTERPRISE SERVER 2 SP2 - STORAGE SERVICES AUDITING CLIENT LOGGER UTILITY REFERENCE 04-29-2010
- NOVELL PLATESPIN ORCHESTRATE 2.0.2 - ADMINISTRATOR REFERENCE 06-17-2009
- NOVELL PLATESPIN ORCHESTRATE 2.0.2 - DEVELOPMENT CLIENT REFERENCE 08-28-2009
- NOVELL SENTINEL LOG MANAGER 1.0.0.5 - 03-31-2010
- NOVELL SUPPORT ADVISOR - 04-2010
- NOVELL LINUX ENTERPRISE SERVER 10 - INSTALLATION AND ADMINISTRATION 11-05-2007
- Novell 3.6 05-2008
- Novell Access Manager 3.1 SP 1
- Novell Access Manager 3.1 SP 2
- NOVELL ACCESS MANAGER 3.1 SP1 - AGENT GUIDE
- NOVELL ACCESS MANAGER 3.1 SP1 - IDENTITY SERVER
- NOVELL ACCESS MANAGER 3.1 SP1 - S 11-20-2009