[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: New monit web-interface

From: Martin Pala
Subject: Re: New monit web-interface
Date: Fri, 12 Jul 2002 12:33:36 +0200
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0.0) Gecko/20020607

Jan-Henrik Haukeland wrote:
Christian Hopp <address@hidden> writes:

I agree with Thomas, it is less secure when checksum will depend on
ctime. I think that solution outlined above (with configuration swith)
will be useful to allow sysadmin choose check for every cycle (more
security) or performance instead, such as:

[set checksumAlways {true|false}]

If not specified, true should be default (i think).

What do you think about it?

A good point... I will take care of a "checksumAlways {true|false}"

Maybe it could be an idea and check both ctime and mtime? I created
the following function before I planed to start the implementation:

new in monitor.h:

#define MAX(x,y)           ((x) > (y) ? (x) : (y))

in util.c:

 * Get a files last modified timestamp. This function returns the max
 * of either st_mtime or st_ctime. If the file does not exist or is
 * not a regular file FALSE is returned
 * @param file A file to stat
 * @return last modification time or FALSE if not found or not a regular file
long getchange_file(char *file) {
struct stat buf;

  if(!stat(file, &buf))
          return MAX(buf.st_mtime, buf.st_ctime);
return FALSE;


Problem is, that mtime can easily be modified (for example by unix 'touch' command). Its not big problem for intruder to mangle this value.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]