Apple Training Series: Mac OS X System Administration Reference, Volume 1

What You've Learned

• Vigilance is paramount when watching for any sort of malicious software.

• Intrusion detection software such as logGen should be run on a regular basis if operating a computer as administrator.

• The auditd process creates files that use the date and time they were created as the name of the file.

• You can use the audit_event file to view events indicated by number, name, description, and class.

References

Administration Guides

Mac OS X Server Getting Started: http://images.apple.com/server/pdfs/Getting_Started_v10.4.pdf

Mac OS X Server Command-Line Administration: http://images.apple.com/server/pdfs/Command_Line_v10.4.pdf

URLs

Rootkits explained: http://channels.lockergnome.com/windows/archives/20050630_sorry_rootkits_have_nothing_to_do_with_cheerleaders.phtml

MD5 Instructions: www.cert.org/security-improvement/implementations/i002.01.html