[Dshield] linux script
Joseph Shraibman
jks at selectacast.net
Tue Nov 28 23:24:43 GMT 2000
1) Why is this looking for "input DENY" in /var/log/messages? Why isn't
it looking for "connection refused" in /var/log/secure?
2) Why isn't it checking to see if the temporary file it wants to use
exists already or not?
It seems to me someone could use a syslog call to put whatever he wants
into the log, then make a symlink to /etc/passwd to get some lines
inserted into the password file. The randomizing of the temporary file
name makes this hard, but not impossible.
I suggest no one run this as root. If only root can read your logfile,
make a copy, then run the perl script on the copy as another user.
--
Joseph Shraibman
jks at selectacast.net
Increase signal to noise ratio. http://www.targabot.com
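
The temporary-file concern raised in point 2, as an added example that is not part of the original post or of the DShield script: a plain append-mode open follows a symlink already sitting at the temporary name, while an exclusive create refuses it. The file names, the sample log line and the helper functions are constructed for illustration, and everything runs inside a throwaway directory.

```python
import os
import tempfile


def naive_write(path, data):
    """Weak pattern: open() follows whatever already exists at path."""
    with open(path, "a") as fh:
        fh.write(data)


def safe_write(path, data):
    """Hardened pattern: O_CREAT|O_EXCL fails if anything, including a
    symlink, already exists at path; O_NOFOLLOW is a second guard."""
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_NOFOLLOW", 0)
    fd = os.open(path, flags, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write(data)


def demo():
    """Return (protected file after naive write, whether safe_write
    refused the pre-existing link, protected file after safe attempt)."""
    with tempfile.TemporaryDirectory() as work:
        protected = os.path.join(work, "protected.txt")  # stand-in for a root-owned file
        tmp_path = os.path.join(work, "script.tmp")      # hypothetical temp file name
        log_line = "line copied from the log\n"          # constructed; log content is untrusted

        with open(protected, "w") as fh:
            fh.write("original\n")
        os.symlink(protected, tmp_path)                  # link exists before the script runs

        naive_write(tmp_path, log_line)
        with open(protected) as fh:
            after_naive = fh.read()

        with open(protected, "w") as fh:                 # reset for the second run
            fh.write("original\n")
        try:
            safe_write(tmp_path, log_line)
            refused = False
        except FileExistsError:
            refused = True
        with open(protected) as fh:
            after_safe = fh.read()
        return after_naive, refused, after_safe


if __name__ == "__main__":
    print(demo())
```

In Perl the same exclusive create is available through sysopen with O_CREAT|O_EXCL or through the File::Temp module.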