Skyler99 has asked for the wisdom of the Perl Monks concerning the following question:

Hello Monks, is there a way to tell if there is software preventing an executable from running or installing on a server? This is the scenario: I managed a series of test servers for the company. Some time ago it looked like there was an intruder in our systems and we traced it back to an account out of an IP. We successfully block and monitor ports constantly. It may look like the intruder may have left security software that runs in the background and prevents other applications from installing onto the server, although it doesn't seem a security risk. I'd like to know if there is any security software that could prevent you from installing software onto a server and cut processes at night. I'm trying to write something in Perl to be able to detect this pattern. I'll appreciate your suggestions.

Re: Cannot Install executables
by Zaxo (Archbishop) on Apr 01, 2003 at 04:50 UTC

    It's time you got over to see Dan Farmer's forensics page. It has much wisdom and tools, like The Coroner's Toolkit, much of which is written in perl. It sounds like you have let these 100 corpses rot for a while, so lots of evidence may be gone.

    After Compline,
    Zaxo

Re: Cannot Install executables
by feanor_269 (Beadle) on Apr 01, 2003 at 05:05 UTC

    Ok, first things first, beg them to hire an experienced sysadmin... It doesn't seem like you "successfully block and monitor ports constantly", or at least not the right ones. What OS are you using? Install a decent firewall? Hire a sysadmin yet?

    feanor_269

Re: Cannot Install executables
by theAssMan (Initiate) on Apr 01, 2003 at 04:33 UTC

    You might want to consider wiping those servers; an intruder "doesn't seem a security risk"? Hmmm, that's an interesting theory, and one that was commonly employed back in the mid-70's. I'd say wipe clean the disks, start from scratch, and for the love of God, install Tripwire!