r00igev@@r
I created a basic canary and documented it here: https://www.linkedin.com/pulse/tiny-canary-detecting-hackers-your-internal-network-bartels/
It's been a week and no access logs on the pi except me testing, so I suppose that is a good thing.
I'm now thinking of installing samba with LMD/CLAMAV. Then leaving an open public share and triggering a notification when an access is detected of a malicious file on the share.
Is there an easier or better way?
I'm thinking of putting on an smtp server with a webhook that notifies me when someone tries and uses that, as well as using fail2ban for the sshd access.