Re: forensic Apache log analysis
|[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]|
On 07/27/2011 08:24 AM, ESGLinux wrote:
The tools the others suggested are fine, however, normally, the culprit with this approach is that you should not rely on the application logs (experience often shows that logs that stay on the suspected compromised system) might be tampered/compromised. This is contrary to the idea of forensics, where you should have at a minimum something off the client system to ensure some level of confidence in a post mortem examination.Hi All, I have a problem with a RHEL server and I want to ask you for some advice. I´m not a security expert so I don´t know which can be the best aproach to solve my problem. The problem is that I have several GigaBytes of Apache logs and I need to look for attacks on it to check if the server has been compromised. I can manually check some possible attack urls and looking for them on the logs, but I´m sure there must be tools or technics to do these in the correct way. So, any idea that can help me? Thank you very much in advance, ESG
In the future, please do take a look at LUARM: http://luarm.sourceforge.net/ .
Make sure you get the latest version of it from svn by doing a: svn co https://luarm.svn.sourceforge.net/svnroot/luarm luarmand then follow the README for setup instructions. A case where I used LUARM to detect a botnet compromised LAMP
is here: http://epistolatory.blogspot.com/2011/02/catching-undesired-guest-in-penguin-tmp.html Please do feel free to pass feedback. GM -- -- George Magklaras PhD RHCE no: 805008309135525 Senior Systems Engineer/IT Manager Biotek Center, University of Oslo EMBnet TMPC Chair http://folk.uio.no/georgios Tel: +47 22840535 -- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list
[CentOS] [Kernel Development] [Red Hat Install] [PAM] [Fedora Users] [Red Hat Development] [Red Hat 9] [Big List of Linux Books] [Linux Admin] [Photo Sharing] [Hot Springs] [Gimp] [Asterisk PBX] [Yosemite News] [Red Hat Crash Utility]