UNIX System Administration Handbook - Evi Nemeth [403]
There are also security portals on the web, such as www.securityfocus.com, that contain vendor-specific information and links to the latest official vendor dogma.
To subscribe to Sun’s security bulletin, send email to security-alert@sun.com; include the line “subscribe cws your-address” in the body of the message. Software patches and an archive of historical security bulletins are available on the web at sunsolve.sun.com.
HP’s offerings can be accessed through its support sites: us-support.external.hp.com for the Americas and Asia, and europe-support.external.hp.com for Europe. The security-related goodies have been carefully hidden. To find them, enter the maintenance/support area and select the option to search the technical knowledge base (you will need to register if you have not already done so). An option at the bottom of that page will take you to the security bulletins, and from there you can access security patches as well. To have security bulletins sent to you, return to the maintenance/support main page and choose the “support information digests” option. Unfortunately, there does not appear to be any way to subscribe directly by email.
A list of Red Hat security advisories can be found at www.redhat.com/support/errata. As of this writing, no official security mailing list is sponsored by Red Hat. However, there are a variety of Linux security resources on the net; most of the information applies directly to Red Hat.
Information about FreeBSD security can be found at www.freebsd.org/security. FreeBSD maintains a formal list of advisories as well as some informal mailing lists and archives. All of this activity is overseen by the FreeBSD “security officer,” which is actually a team of dedicated professionals.
Security information about Cisco products is distributed in the form of field notices, a list of which can be found at www.cisco.com/warp/public/770. To subscribe to Cisco’s security mailing list, send mail to majordomo@cisco.com with the line “subscribe cust-security-announce” in the message body.
Other mailing lists and web sites
The contacts listed above are just a few of the many security resources available on the net. The second edition of this book listed quite a few more, but given the volume of info that’s now available and the rapidity with which resources come and go, we thought it would be more helpful to point you toward some meta-resources.
One good starting point is the X-Force web site (xforce.iss.net) at Internet Security Systems, which maintains a variety of useful FAQs. One of these is a current list of security-related mailing lists. The vendor and security patch FAQs provide useful contact information for a variety of vendors.
www.yahoo.com has an extensive list of security links; be sure to look under the general “computers and Internet” security section, as the UNIX-specific section is somewhat anemic. Another good source of links on the subject of network security can be found at www.about.com.
21.11 WHAT TO DO WHEN YOUR SITE HAS BEEN ATTACKED
The key to handling an attack is simple: Don’t panic. It’s very likely that by the time you discover the intrusion, most of the damage has already been done. In fact, it has probably been going on for weeks or months. The chance that you’ve discovered a break-in that just happened an hour ago is slim to none.
In that light, the wise owl says to take a deep breath and begin developing a carefully thought-out strategy for dealing with the break-in. You need to avoid tipping off the intruder by announcing the break-in or performing any other activity that would seem abnormal to someone