8. Setup tripwire.
What is this?
A file integrity tool. Tripwire creates a database and stores information about important files in the database. This information includes things such as:
- modification time
- owner, group
- cryptographic checksum(s)
- etc.

After initializing (creating) the tripwire database you should store a copy of it off-line (on a CDROM or somewhere else it cannot be tampered with). Then, security monitoring includes checking the tripwire database against the file system of your running installation. If anything (important, or at all) changes in the file system, tripwire prints out a report of it - and you'll check what changed and why.

Be sure to remember that some changes are legal and thus you should do upgrades and installations (new software added) in the following manner:
- (consider taking the system off line for duration of maintenance?)
- run tripwire checking against current database
- install software and do other maintenance
- update tripwire database so that it contains the changes from new/changed files

And if you are just starting with security... I can recommend an excellent (if occasionally terrifying) book by Bruce Schneier: Secrets & Lies, Digital Security in a Networked World. Of course there are a lot of others...

regards,
timo
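
The baseline-and-check cycle described in the message above, as an added Python sketch (not part of the original post and not Tripwire's own code or database format). The function names, the file names and the choice of SHA-256 are assumptions made for illustration; the constructed scenario shows why the checksum is stored next to the modification time.

```python
import hashlib
import os
import stat
import tempfile

def snapshot(root):
    """Record mtime, owner, group, mode and SHA-256 for each regular file under root."""
    db = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode):
                continue  # symlinks, sockets and devices are out of scope here
            with open(path, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            db[os.path.relpath(path, root)] = {
                "mtime": st.st_mtime_ns, "uid": st.st_uid, "gid": st.st_gid,
                "mode": stat.S_IMODE(st.st_mode), "sha256": digest}
    return db

def compare(baseline, current):
    """Report files added, removed, or changed (with the attributes that differ)."""
    changed = {}
    for path in baseline.keys() & current.keys():
        fields = sorted(k for k in baseline[path] if baseline[path][k] != current[path][k])
        if fields:
            changed[path] = fields
    return {"added": sorted(current.keys() - baseline.keys()),
            "removed": sorted(baseline.keys() - current.keys()),
            "changed": changed}

def demo():
    """Constructed scenario: take a baseline, make three changes, run a check."""
    with tempfile.TemporaryDirectory() as root:
        cfg = os.path.join(root, "sshd_config")       # constructed sample files
        motd = os.path.join(root, "motd")
        for path, text in ((cfg, "PermitRootLogin no\n"), (motd, "welcome\n")):
            with open(path, "w") as fh:
                fh.write(text)
        baseline = snapshot(root)                      # a copy of this goes off-line
        before = os.stat(cfg)
        with open(cfg, "w") as fh:                     # content edited ...
            fh.write("PermitRootLogin yes\n")
        os.utime(cfg, ns=(before.st_atime_ns, before.st_mtime_ns))  # ... mtime put back
        os.remove(motd)
        with open(os.path.join(root, "new_tool"), "w") as fh:
            fh.write("#!/bin/sh\n")
        return compare(baseline, snapshot(root))

if __name__ == "__main__":
    print(demo())
```

After planned maintenance, the "update the database" step corresponds to taking a fresh `snapshot` and replacing the stored baseline, including the off-line copy.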