[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: New monit web-interface

From: Martin Pala
Subject: Re: New monit web-interface
Date: Fri, 12 Jul 2002 12:02:16 +0200
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0.0) Gecko/20020607

Thomas Oppel wrote:
Am Freitag, 12. Juli 2002 10:59 schrieb Christian Hopp:

On 11 Jul 2002, Jan-Henrik Haukeland wrote:

Christian Hopp <address@hidden> writes:

Wouldn't it be enough to check ctime first and if newer then last
cycle do a md5sum check.

Yes another good idea, but..

Some server programs might come up to some megs.

The check is pretty fast (for this type of application), aprox 0.07
sec (cpu time) for 2 megs.

So I did it myself... I home you find it still usefull.  Patch is against
last 2.5 beta.




maybe I'm a bit paranoid, but is true an intruder now only needs to mangle ctime that md5sums are never checked and monit helps to keep trojaned daemons running? As a user I expect the program makeing use of it in any case, if I read md5sum check in config. As a sysop I don't care for a bit less performance, if I get a bit more security in return. Anyhow, if checking file integrity is a typical tripwire job, I'm glad for every extra level of security I can get. So, what about a 'general' check every x cicles, that sums are checked at least 2 or 3 times a day? Or a switch 'alwaysFullCheck=[true|false]' or such?


I agree with Thomas, it is less secure when checksum will depend on ctime. I think that solution outlined above (with configuration swith) will be useful to allow sysadmin choose check for every cycle (more security) or performance instead, such as:

[set checksumAlways {true|false}]

If not specified, true should be default (i think).

What do you think about it?


reply via email to

[Prev in Thread] Current Thread [Next in Thread]