[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: New monit web-interface
|
From: |
Christian Hopp |
|
Subject: |
Re: New monit web-interface |
|
Date: |
Fri, 12 Jul 2002 12:05:59 +0200 (CEST) |
On Fri, 12 Jul 2002, Martin Pala wrote:
> Thomas Oppel wrote:
> > Am Freitag, 12. Juli 2002 10:59 schrieb Christian Hopp:
> >
> >>On 11 Jul 2002, Jan-Henrik Haukeland wrote:
> >>
> >>>Christian Hopp <address@hidden> writes:
> >>>
> >>>>Wouldn't it be enough to check ctime first and if newer then last
> >>>>cycle do a md5sum check.
> >>>
> >>>Yes another good idea, but..
> >>>
> >>>
> >>>>Some server programs might come up to some megs.
> >>>
> >>>The check is pretty fast (for this type of application), aprox 0.07
> >>>sec (cpu time) for 2 megs.
> >>
> >>So I did it myself... I home you find it still usefull. Patch is against
> >>last 2.5 beta.
> >>
> >>Bye,
> >>
> >>C.Hopp
> >
> >
> > Hi,
> >
> > maybe I'm a bit paranoid, but is true an intruder now only needs to mangle
> > ctime that md5sums are never checked and monit helps to keep trojaned
> > daemons
> > running?
> > As a user I expect the program makeing use of it in any case, if I read
> > md5sum
> > check in config.
> > As a sysop I don't care for a bit less performance, if I get a bit more
> > security in return.
> > Anyhow, if checking file integrity is a typical tripwire job, I'm glad for
> > every extra level of security I can get.
> > So, what about a 'general' check every x cicles, that sums are checked at
> > least 2 or 3 times a day? Or a switch 'alwaysFullCheck=[true|false]' or
> > such?
> >
> > Greetings,
> > Leppo.
>
> I agree with Thomas, it is less secure when checksum will depend on
> ctime. I think that solution outlined above (with configuration swith)
> will be useful to allow sysadmin choose check for every cycle (more
> security) or performance instead, such as:
>
> [set checksumAlways {true|false}]
>
> If not specified, true should be default (i think).
>
>
> What do you think about it?
A good point... I will take care of a "checksumAlways {true|false}"
option!
Bye,
C.Hopp
--
Christian Hopp email: address@hidden
Institut für Elektrische Informationstechnik fon: +49-5323-72-2113
Technische Universität Clausthal fax: +49-5323-72-3197
pgpkey: https://www.iei.tu-clausthal.de/pgp-keys/chopp.key.asc (2001-11-22)
- Re: New monit web-interface, (continued)
- Re: New monit web-interface, Christian Hopp, 2002/07/11
- Re: New monit web-interface, Jan-Henrik Haukeland, 2002/07/11
- Re: New monit web-interface, Christian Hopp, 2002/07/11
- Re: New monit web-interface, Jan-Henrik Haukeland, 2002/07/11
- Re: New monit web-interface, Christian Hopp, 2002/07/11
- Re: New monit web-interface, Jan-Henrik Haukeland, 2002/07/11
- Re: New monit web-interface, Christian Hopp, 2002/07/12
- Re: New monit web-interface, Jan-Henrik Haukeland, 2002/07/12
- Re: New monit web-interface, Thomas Oppel, 2002/07/12
- Re: New monit web-interface, Martin Pala, 2002/07/12
- Re: New monit web-interface,
Christian Hopp <=
- Re: New monit web-interface, Jan-Henrik Haukeland, 2002/07/12
- Re: New monit web-interface, Martin Pala, 2002/07/12
- Re: New monit web-interface, Christian Hopp, 2002/07/12
- Re: New monit web-interface, Jan-Henrik Haukeland, 2002/07/12
- Re: New monit web-interface, Martin Pala, 2002/07/12
- Re: New monit web-interface, Christian Hopp, 2002/07/12
- Re: New monit web-interface, Thomas Oppel, 2002/07/12