LINUX SECURITY - Intrusion Detection -
Network Laboratory, Kim Yun-su
3/12/2021 Computer Network Lab.

chkwtmp(1)
- Analyzes wtmp and prints the entries that have been deleted.
- Requirements: C
- Configuration file: none
- Security notes: none
- Cautions: none
- http://sunsite.ics.forth.gr/pub/systools/chkwtmp-1.0.tar.gz

tcplogd(2)
- Detects stealth scans.
- Requirements: C
- Configuration file: tcplogd.init
- Security notes: none
- Cautions: none
- http://www.kalug.net/tcplogd
- NMAP/QueSO/Saint

HostSentry(4)
- An intrusion detection tool, part of the Abacus Project, that monitors for abnormal logins.
- Requirements: Python (with dbm/gdbm and syslog support)
- Configuration files: hostsentry.conf, hostsentry.modules, hostsentry.ignore, hostsentry.action
- Security notes: none
- Cautions: none
- Strange behavior / time anomalies / locale anomalies
- http://www.psionic.com/abacus/hostsentry

shadow(5)
- Detects stealth scans.
- Lawrence Berkeley Laboratory / NSWC
- Requirements: C, Perl, libpcap, tcpdump, tcpslice, Apache, SSH
- Configuration files: many; see the documentation.
- Security notes: none
- Cautions: none

Documents on intrusion detection (8)
- A Framework and Prototype for a Distributed Intrusion Detection System, Diego Zamboni and E. H. Spafford, Dept of Computer Science, Purdue University. http://www.cs.purdue.edu/coast/projects/autonomousagents.html
- A Pattern Matching Model for Misuse Intrusion Detection, Kumar and Spafford. http://www.raptor.com/lib/ncscpdf
- An Application of Pattern Matching in Intrusion Detection, Kumar and Spafford. http://www.raptor.com/lib/ncsc.94.ps
- An Architecture for Intrusion Detection using Autonomous Agents. ftp://coast.cs.purdue.edu/pub/COAST/papers/diegozamboni/zamboni9805.px
- An Evening with Berferd: In Which a Cracker is Lured, Endured, and Studied, Bill Cheswick. http://www.alw.nih.ogv/security/FIRST/papers/general/berferd.ps
- Slides: 13