On 6/22/2012 9:50 AM, m.roth@5-cent.us wrote:
Bob Hoffman wrote:
On 6/21/2012 12:44 PM, Keith Roberts wrote:
On Thu, 21 Jun 2012, Bob Hoffman wrote:
From: Bob Hoffman <bob@bobhoffman.com>
Not sure if there is an app like this yet. I want to keep tabs on my web applications and thought of using a 'page checker'.
*snip*
Anything out there like that?
<snip> As I said originally, you might want to check out rkhunter. It'll check your system for rootkits, and once configured - which isn't a big deal, just a configuration file - will complain when run if something's changed. You can tell it to look at your web pages.
Another thing to consider (and I really, really don't enjoy suggesting it), is selinux. Turn it on to at least permissive, and it'll bitch and moan if something's changed. Turn it to enforcing, and *nothing* will be allowed to be changed. It is, however, a royal pain to configure, esp. when you want to be able to allow a directory for users to put pics.
mark
Would love to use SElinux. I searched high and low for any kind of manual and there was none. Most of the information online was for versions that were not on centos 6, and little info on centos 6. I am considering going back to it for the virtual hosts, dns servers, but for production web servers I think it will take a long time. I know that fail2ban will not work properly with it in any case, as per their own website.
It seems that to run the webservers selinux wants me to allow a ton of privileges to apache, the ftp user, and a bunch of other things...seems like that defeats the purpose. And a script injection will have all those privileges.
I wish I had the time and knowledge to implement it...and add it to my handbook, but on a webserver that is doing mail ins, mail outs, httpd, mysql, php, self made scripts, fail2ban, and a host of other programs it seems like it requires an experienced hand at it. Or a book. Neither of which are available to me.
Who knows, once I figure out the mutli_mysql back up, amanda, then I may go for it.
One thing I learned...SElinux in permissive mode only gives a warning once for an issue...and never again. Makes it hard to play with it that way, would prefer a constant error variable to keep them coming.
Well. We derailed.