Re: New monit web-interface

[Thomas Oppel]

Am Freitag, 12. Juli 2002 10:59 schrieb Christian Hopp:
> On 11 Jul 2002, Jan-Henrik Haukeland wrote:
> > Christian Hopp <address@hidden> writes:
> > > Wouldn't it be enough to check ctime first and if newer then last
> > > cycle do a md5sum check.
> >
> > Yes another good idea, but..
> >
> > > Some server programs might come up to some megs.
> >
> > The check is pretty fast (for this type of application), aprox 0.07
> > sec (cpu time) for 2 megs.
>
> So I did it myself... I home you find it still usefull.  Patch is against
> last 2.5 beta.
>
> Bye,
>
> C.Hopp

Hi,

maybe I'm a bit paranoid, but is true an intruder now only needs to mangle 
ctime that md5sums are never checked and monit helps to keep trojaned daemons 
running?
As a user I expect the program makeing use of it in any case, if I read md5sum 
check in config.
As a sysop I don't care for a bit less performance, if I get a bit more 
security in return.
Anyhow, if checking file integrity is a typical tripwire job, I'm glad for 
every extra level of security I can get.
So, what about a 'general' check every x cicles, that sums are checked at 
least 2 or 3 times a day? Or a switch 'alwaysFullCheck=[true|false]' or such?

Greetings,
Leppo.
-- 
Kourentis und Brüggemann
Informationssysteme GbR.
Rheinallee 72 - 53173 Bonn
Tel.  0228 / 3635 07
Fax.  0228 / 3635 09
Mobil 0163 / 5635830