Chapter 10. Intrusion Detection
rpm -Va
This command verifies all installed packages and finds any failure in its verification tests (much
like the -V option, but more verbose in its output since it is verifying every installed package).
rpm -Vf /bin/ls
This command verifies individual files in an installed package. This can be useful if you wish to
perform a quick verification of a suspect file.
rpm -K application-1.0.i386.rpm
This command checks the MD5 checksum and the GPG signature of an RPM package file. Use it to
confirm that a package you want to install is signed by Red Hat or by any organization whose
GPG public key you have imported into your GPG keyring.
A package that has not been properly signed will emit an error message similar to the following:
application-1.0.i386.rpm (SHA1) DSA sha1 md5 (GPG) NOT OK
(MISSING KEYS: GPG#897da07a)
Exercise caution when installing packages that are unsigned, as they are unofficial and could
contain malicious code.
RPM can be a powerful tool, as evinced by its many verification tools for installed packages and
RPM package files. It is strongly recommended that you back up the contents of your RPM database
directory (/var/lib/rpm/) to read-only media such as CD-ROM after you install Red Hat Linux so
that you can safely verify files and packages against the read-only database, rather than against the
database on the system, as malicious users may corrupt the database and skew your results.
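The following script is an added example, not part of the original guide. It sorts rpm -Va output by urgency so that altered or missing binaries stand out from routinely edited configuration files. The function names, the sample lines and the /mnt/cdrom/rpm mount point are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the guide): sort `rpm -Va` lines by how urgent they are.
# Each line is "<flags> [marker] <path>"; a '5' in flags means the file digest
# differs from the RPM database, 'M' means the mode changed, and "missing"
# replaces the flags when the file is gone. Marker 'c' denotes a config file.

rpm_va_triage() {
    awk '
    NF == 0 { next }
    {
        flags = $1
        rest = $0
        sub(/^[ \t]*[^ \t]+[ \t]+/, "", rest)      # drop the flags field
        marker = "-"
        if (rest ~ /^[cdglr][ \t]+\//) {            # optional file-type marker
            marker = substr(rest, 1, 1)
            sub(/^[cdglr][ \t]+/, "", rest)
        }
        changed = (flags == "missing" || flags ~ /[5M]/)
        if (!changed)           sev = "INFO"        # e.g. only mtime differs
        else if (marker == "c") sev = "REVIEW"      # edited config files are common
        else                    sev = "ALERT"       # binary or library altered or removed
        printf "%s\t%s\t%s\n", sev, flags, rest
    }'
}

# Print only the paths that need immediate attention.
rpm_va_alerts() {
    rpm_va_triage | awk -F "\t" '$1 == "ALERT" { print $3 }'
}

# Constructed sample output, so the script runs without rpm installed.
sample_rpm_va() {
    cat <<'EOF'
S.5....T.  c /etc/ssh/sshd_config
S.5....T.    /bin/ls
.M.......    /usr/bin/passwd
.......T.  c /etc/hosts
missing      /usr/sbin/tcpd
.......T.  d /usr/share/doc/foo/README
EOF
}

# Real use, with /mnt/cdrom/rpm as an assumed mount point for the read-only copy:
#   rpm -Va --dbpath /mnt/cdrom/rpm | rpm_va_triage
sample_rpm_va | rpm_va_triage
```

An ALERT on a system binary is a reason to compare the file against a known good copy of the package.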
10.2.3. Other Host-based IDSes
The following list discusses some of the other popular host-based intrusion detection systems
available. Refer to the websites of the respective utilities for more information about installing and
configuring them in your environment.
Note
These applications are not included with Red Hat Linux and are not supported. They have been
included in this document as a reference to users who may be interested in evaluating such
applications.
SWATCH http://www.oit.ucsb.edu/~eta/swatch/ - The Simple WATCHer (SWATCH) uses log
files generated by syslog to alert administrators of anomalies based on user configuration files.
SWATCH was designed to log any event that the user wants to add into the configuration file;
however, it has been adopted widely as a host-based IDS.
LIDS http://www.lids.org - The Linux Intrusion Detection System (LIDS) is a kernel patch and
administration tool that can also control file modification with access control lists (ACLs) and
protect processes and files, even from the root user.





