Solaris CX-310-301 Manual do Utilizador descarregar pdf (Página 39)

Solaris 9 Security CX-310-301 38

Detecting Attacks

There are various methods for detecting that an attack has taken place. This section looks at detecting

backdoor and Trojan Horse attacks.

Using Solaris Fingerprint Database

The fingerprint database supplied by Sun Microsystems provides the facility to check that Solaris

Operating Environment files have not been tampered with, or modified by an unauthorized intruder. For

single files, you can use the interactive option on Sun’s web site at:

http://sunsolve.sun.com/pub-cgi/fileFingerprints.pl

First though, you need the MD5 binary to create a local MD5 signature that can be checked against the one

held by Sun Microsystems. Get this from:

http://sunsolve.sun.com/md5/md5.tar.Z

For this example, I ran

# md5-sparc /usr/bin/ls

to obtain the md5 signature for the ls command.

Then, startup the interactive fingerprint script and paste in the result from the previous command.

The partial screenshot below shows the relevant section of the screen:

1 2 ... 34 35 36 37 38 39 40 41 42 43 44 ... 76 77

Sem comentários

Solaris CX-310-301 Manual do Utilizador Página 39