[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: New monit web-interface
From: |
Christian Hopp |
Subject: |
Re: New monit web-interface |
Date: |
Fri, 12 Jul 2002 12:39:16 +0200 (CEST) |
On Fri, 12 Jul 2002, Martin Pala wrote:
> Jan-Henrik Haukeland wrote:
> > Christian Hopp <address@hidden> writes:
> >
> >
> >>>I agree with Thomas, it is less secure when checksum will depend on
> >>>ctime. I think that solution outlined above (with configuration swith)
> >>>will be useful to allow sysadmin choose check for every cycle (more
> >>>security) or performance instead, such as:
> >>>
> >>>[set checksumAlways {true|false}]
> >>>
> >>>If not specified, true should be default (i think).
> >>>
> >>>
> >>>What do you think about it?
> >>
> >>A good point... I will take care of a "checksumAlways {true|false}"
> >>option!
> >
> >
> >
> > Maybe it could be an idea and check both ctime and mtime? I created
> > the following function before I planed to start the implementation:
> >
> >
> > new in monitor.h:
> >
> > #define MAX(x,y) ((x) > (y) ? (x) : (y))
> >
> > in util.c:
> >
> > /**
> > * Get a files last modified timestamp. This function returns the max
> > * of either st_mtime or st_ctime. If the file does not exist or is
> > * not a regular file FALSE is returned
> > * @param file A file to stat
> > * @return last modification time or FALSE if not found or not a regular
> > file
> > */
> > long getchange_file(char *file) {
> >
> > struct stat buf;
> >
> > if(!stat(file, &buf))
> > if(S_ISREG(buf.st_mode))
> > return MAX(buf.st_mtime, buf.st_ctime);
> >
> > return FALSE;
> >
> > }
> >
> >
> >
>
> Problem is, that mtime can easily be modified (for example by unix
> 'touch' command). Its not big problem for intruder to mangle this value.
>
> Martin
With touch you modify anykind of time (a/m/c).
The patch is almost done... but now I need lunch!
C.Hopp
--
Christian Hopp email: address@hidden
Institut für Elektrische Informationstechnik fon: +49-5323-72-2113
Technische Universität Clausthal fax: +49-5323-72-3197
pgpkey: https://www.iei.tu-clausthal.de/pgp-keys/chopp.key.asc (2001-11-22)
- Re: New monit web-interface, (continued)
- Re: New monit web-interface, Jan-Henrik Haukeland, 2002/07/11
- Re: New monit web-interface, Christian Hopp, 2002/07/11
- Re: New monit web-interface, Jan-Henrik Haukeland, 2002/07/11
- Re: New monit web-interface, Christian Hopp, 2002/07/12
- Re: New monit web-interface, Jan-Henrik Haukeland, 2002/07/12
- Re: New monit web-interface, Thomas Oppel, 2002/07/12
- Re: New monit web-interface, Martin Pala, 2002/07/12
- Re: New monit web-interface, Christian Hopp, 2002/07/12
- Re: New monit web-interface, Jan-Henrik Haukeland, 2002/07/12
- Re: New monit web-interface, Martin Pala, 2002/07/12
- Re: New monit web-interface,
Christian Hopp <=
- Re: New monit web-interface, Jan-Henrik Haukeland, 2002/07/12
- Re: New monit web-interface, Martin Pala, 2002/07/12
- Re: New monit web-interface, Christian Hopp, 2002/07/12
- Re: New monit web-interface, Thomas Oppel, 2002/07/12