Just watch the configuration of Sentry, at the higher settings it tends to get mad at every connect (such as the lousy common win95 clients) and add YOU (as in your lan) to the hosts.deny as well. :/ It's also not "bulletproof" either, you have to tell Sentry which ports to monitor. But it beats nothing at all...
I also have found some software called Sentry, which watches all unused TCP/IP ports, and immediately drops anyone hacking them into /etc/hosts.deny. It's at
<A HREF="http://www.psionic.com/abacus/abacus_sentry.html"><A HREF="http://www.psionic.com/abacus/abacus_sentry.html</A">http://www.psionic.com/abacus/abacus_sentry.html</A</A>>
and it works. It's nice because all the offenders are neatly listed in hosts.deny. :-)
I would also suggest to look out for the "floppy boot" attack. It's real easy to get into a machine if the console and floppy are available. Many people refuse to believe that anyone would be sneaky enough to try it. But there might be some info they are after.
Or use TCFS, an encrypted file system. If the system is encrypted (the HD data, that is) a floppy boot is a bit of a waste of time as they can't mount a readable partition... This is available from: <A HREF="http://www.bozcom.com/tcfs/"><A HREF="http://www.bozcom.com/tcfs/</A">http://www.bozcom.com/tcfs/</A</A>> .
Get a camera on your machine if you suspect this
Heard of a webcam that caught a pic and sent it to the webpage of a burglar who stole the owner's computer. The police got him quickly, but the computer was long gone... - To get out of this list, please send email to majordomo@suse.com with this text in its body: unsubscribe suse-linux-e