COIT13146 - System and Network Administration
I grew bored of watching the logs and as the attacks were coming
down my ADSL connection, they were using, though minimal, some of
my quota. I moved the port forward to an unknown port number and
configured my server's firewall rules to reject connections from IP
addresses if more than a couple of failed login attempts occurred
- resetting after a couple of minutes in case I have a bad day and
get my password wrong a few times.
From this story, it is obvious that if the author had not checked
the /var/log/auth.log file and taken action, the system may have
gotten 'hacked' sooner or later. A good lesson in security!
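The story's countermeasure (count failed logins per source address, block after a couple of failures, forget them after a couple of minutes) is easy to prototype against /var/log/auth.log itself. The following is an added example written for this page, not code from the course or from the story's author. The log lines are constructed in the syslog format sshd uses; the threshold of 3 failures, the 120-second window and the year 2024 (syslog timestamps carry no year) are assumptions.

```python
"""Flag source IPs with repeated failed SSH logins inside a sliding window.

Added example for the course page. The sample lines are constructed in the
style sshd writes to /var/log/auth.log; threshold, window and year are
assumed values, not taken from the page.
"""
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample of /var/log/auth.log content (not a real capture).
SAMPLE_AUTH_LOG = """\
Mar  3 10:00:01 server sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 51234 ssh2
Mar  3 10:00:02 server sshd[2103]: Failed password for invalid user admin from 203.0.113.7 port 51235 ssh2
Mar  3 10:00:03 server sshd[2105]: Failed password for root from 203.0.113.7 port 51236 ssh2
Mar  3 10:00:04 server sshd[2107]: Failed password for root from 203.0.113.7 port 51237 ssh2
Mar  3 10:01:10 server sshd[2110]: Failed password for alice from 198.51.100.4 port 40001 ssh2
Mar  3 10:01:20 server sshd[2112]: Accepted password for alice from 198.51.100.4 port 40002 ssh2
Mar  3 10:05:00 server sshd[2120]: Failed password for alice from 198.51.100.4 port 40003 ssh2
Mar  3 10:05:30 server sshd[2122]: Failed password for alice from 198.51.100.4 port 40004 ssh2
"""

# Matches only sshd "Failed password" lines; "Accepted" lines and other
# daemons fall through and are ignored.
FAILED_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port"
)


def parse_ts(ts: str, year: int = 2024) -> datetime:
    """syslog timestamps have no year, so the caller supplies one (assumption)."""
    return datetime.strptime(f"{year} {ts}", "%Y %b %d %H:%M:%S")


def find_brute_force(log_text: str, threshold: int = 3, window_seconds: int = 120) -> dict:
    """Return {ip: time the threshold was first reached}.

    Failures older than window_seconds drop out of the per-IP queue, which is
    the 'reset after a couple of minutes' behaviour from the story: a legitimate
    user who mistypes a password now and again never accumulates enough
    failures to be flagged.
    """
    recent = defaultdict(deque)  # ip -> timestamps of failures still in the window
    flagged = {}
    for line in log_text.splitlines():
        m = FAILED_RE.match(line)
        if not m:
            continue
        ip, ts = m["ip"], parse_ts(m["ts"])
        q = recent[ip]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window_seconds:
            q.popleft()  # expire failures outside the window
        if len(q) >= threshold and ip not in flagged:
            flagged[ip] = ts
    return flagged


if __name__ == "__main__":
    for ip, when in find_brute_force(SAMPLE_AUTH_LOG).items():
        print(f"{ip} reached the failure threshold at {when}")
```

In the sample, 203.0.113.7 hits the threshold on its third failure, while alice's address never does: her two later failures are more than two minutes after the first, so the first has already expired from the window. Widening the window to ten minutes flags her address too, which is the trade-off the story's "couple of minutes" reset is making.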
Summary
Software to install
Chapters to read
Tasks
Readings
We will need to research Snort and OSSEC ourselves this week. The
main website links listed above provide a vast amount of
documentation for both.
Assessment
Read the descriptions available of what Snort and OSSEC are and
what they do, then summarise the similarities and differences
between them. Be sure to mention where and how each should be
used.
Submit the details of the scan you used, the output from the scan,
and the entries generated in the snort alert file. Describe the
alerts generated - include other alerts that may be generated from
other activity on your server. You need to show that you can
interpret the alerts being generated, so ensure you describe what
the alerts mean as part of your answers.
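Interpreting the alert file is easier once the lines are broken into their fields and grouped, because a single port scan fires the same rule once per probed port. The following is an added example for this page, not course material or Snort's own code. The alert lines are constructed in the layout of Snort's alert_fast output; the rule IDs 1000001 to 1000003 and their messages are made-up local rules, and the addresses are from the 192.168.56.0/24 range typical of a lab network.

```python
"""Parse and summarise Snort fast-format alert lines.

Added example for the course page. The sample alerts are constructed in the
layout of Snort's alert_fast output; SIDs, messages and addresses are not
from any real rule set or capture.
"""
import re
from collections import Counter, defaultdict

# Constructed sample alert file content (not real Snort output).
SAMPLE_SNORT_ALERTS = """\
03/03-10:12:01.000123  [**] [1:1000001:1] LOCAL ICMP ping [**] [Classification: Misc activity] [Priority: 3] {ICMP} 192.168.56.1 -> 192.168.56.101
03/03-10:12:02.000456  [**] [1:1000002:1] LOCAL SYN to SSH [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.168.56.1:40100 -> 192.168.56.101:22
03/03-10:12:02.000789  [**] [1:1000002:1] LOCAL SYN to SSH [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.168.56.1:40101 -> 192.168.56.101:22
03/03-10:12:03.000111  [**] [1:1000003:1] LOCAL SYN to HTTP [**] [Priority: 2] {TCP} 192.168.56.1:40102 -> 192.168.56.101:80
03/03-10:30:00.000222  [**] [1:1000002:1] LOCAL SYN to SSH [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 10.0.2.2:51000 -> 192.168.56.101:22
"""

# timestamp  [**] [gid:sid:rev] msg [**] [Classification: ...] [Priority: N] {PROTO} src[:port] -> dst[:port]
# The Classification block is optional: rules without a classtype omit it.
ALERT_RE = re.compile(
    r"^(?P<ts>\S+)\s+\[\*\*\] \[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\] (?P<msg>.*?) \[\*\*\] "
    r"(?:\[Classification: (?P<cls>[^\]]*)\] )?\[Priority: (?P<prio>\d+)\] "
    r"\{(?P<proto>\w+)\} (?P<src>[\d.]+)(?::(?P<sport>\d+))? -> (?P<dst>[\d.]+)(?::(?P<dport>\d+))?$"
)


def parse_alert(line: str):
    """Return a dict of alert fields, or None if the line is not a fast alert."""
    m = ALERT_RE.match(line)
    if not m:
        return None
    d = m.groupdict()
    d["priority"] = int(d.pop("prio"))            # 1 is the most severe
    d["classification"] = d.pop("cls") or "unclassified"
    for k in ("sport", "dport"):
        d[k] = int(d[k]) if d[k] else None        # ICMP alerts carry no ports
    return d


def summarise(alert_text: str) -> dict:
    """Group alerts per rule and per source address.

    A scan that trips one rule for every probed port shows up here as one
    source with several destination ports, which is the shape to describe
    when explaining what the alerts mean.
    """
    by_rule = Counter()
    by_source = defaultdict(lambda: {"count": 0, "dports": set(), "max_priority": 99})
    skipped = 0
    for line in alert_text.splitlines():
        a = parse_alert(line)
        if a is None:
            skipped += 1
            continue
        by_rule[(a["sid"], a["msg"])] += 1
        s = by_source[a["src"]]
        s["count"] += 1
        if a["dport"] is not None:
            s["dports"].add(a["dport"])
        s["max_priority"] = min(s["max_priority"], a["priority"])
    return {"by_rule": by_rule, "by_source": dict(by_source), "skipped": skipped}


if __name__ == "__main__":
    report = summarise(SAMPLE_SNORT_ALERTS)
    for (sid, msg), n in report["by_rule"].most_common():
        print(f"sid {sid} '{msg}': {n} alert(s)")
    for src, s in report["by_source"].items():
        print(f"{src}: {s['count']} alert(s), ports {sorted(s['dports'])}, top priority {s['max_priority']}")
```

Run on the sample, the per-source view separates the scanning host (several rules, ports 22 and 80, within two seconds) from the single later alert from 10.0.2.2, which is the kind of "other activity on your server" the task asks you to account for separately.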
5. Edit and save some of the main system configuration files, e.g.
/etc/fstab, /etc/group, /etc/passwd (remember to use clones as a
safety net?).
List the changes that you make and describe the resulting emails
and events recorded by OSSEC - include other emails generated from
other activity on your server. Submit the email text as part of
your descriptions.
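What OSSEC's integrity checking does for those files is record a baseline (size, permissions, owner, hash) and report any later difference. The following is an added example for this page, written to show that mechanism; it is not OSSEC code or course material. It works on scratch copies of a passwd-style and fstab-style file in a temporary directory, so nothing under /etc is touched; the file contents are constructed.

```python
"""Baseline-and-compare file integrity check, the idea behind OSSEC syscheck.

Added example for the course page. Runs entirely on constructed files in a
temporary directory; the passwd and fstab contents are made up.
"""
import hashlib
import os
import stat
import tempfile


def snapshot(paths):
    """Record size, permission bits, owner and SHA-256 for each path.

    A missing file is recorded as None so that deletions are visible in the
    comparison rather than silently skipped.
    """
    snap = {}
    for p in paths:
        try:
            st = os.stat(p)
        except FileNotFoundError:
            snap[p] = None
            continue
        with open(p, "rb") as f:
            digest = hashlib.sha256(f.read()).hexdigest()
        snap[p] = {
            "size": st.st_size,
            "mode": stat.S_IMODE(st.st_mode),
            "uid": st.st_uid,
            "sha256": digest,
        }
    return snap


def diff_snapshots(old, new):
    """Return [(path, 'added' | 'deleted' | 'modified:<fields>')] sorted by path."""
    events = []
    for p in sorted(set(old) | set(new)):
        a, b = old.get(p), new.get(p)
        if a == b:
            continue
        if a is None:
            events.append((p, "added"))
        elif b is None:
            events.append((p, "deleted"))
        else:
            changed = sorted(k for k in a if a[k] != b[k])
            events.append((p, "modified:" + ",".join(changed)))
    return events


def demo():
    """Baseline two constructed files, then append to one and delete the other."""
    with tempfile.TemporaryDirectory() as d:
        passwd = os.path.join(d, "passwd")
        fstab = os.path.join(d, "fstab")
        with open(passwd, "w") as f:
            f.write("root:x:0:0:root:/root:/bin/bash\n")          # constructed content
        with open(fstab, "w") as f:
            f.write("UUID=constructed / ext4 defaults 0 1\n")      # constructed content
        baseline = snapshot([passwd, fstab])

        # Simulated edits of the kind the task asks for: a new account line
        # (here a second UID-0 entry, which is exactly what integrity monitoring
        # should surface) and removal of fstab.
        with open(passwd, "a") as f:
            f.write("eve:x:0:0::/home/eve:/bin/bash\n")
        os.remove(fstab)

        events = diff_snapshots(baseline, snapshot([passwd, fstab]))
        return [(os.path.basename(p), what) for p, what in events]


if __name__ == "__main__":
    for name, what in demo():
        print(f"{name}: {what}")
```

The comparison reports which attribute changed, not just that something did: a content edit shows as a size and hash change with mode and owner intact, whereas a chmod on an untouched file would show only mode. Mapping the OSSEC emails you receive back to these attributes is what the task's description should cover.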
How to submit: