[CentOS] Check integrity or rootkits on remote server?
Mike
ekkikrist at yahoo.com
Fri Jun 16 10:54:11 UTC 2006
On Mon, Jun 12, 2006 at 03:57:11PM +0200, Marco Fioretti wrote:
> Hello,
>
> when one has physical access to a computer, he
> can run something like tripwire, with keys and
> checksum on a separate, write-only media, to
> verify the integrity of the system.
>
> What if the system is a remote one (in my case
> CentOS 4.3 on a User Mode Linux VPS some hundreds
> of KMs from here)?
>
> Does it still make sense to run tripwire remotely?
> If yes, how, since you cannot plug a floppy or USB
> drive in the machine?
>
> What if tripwire was never run? Does it make sense, on
> a CentOS system without physical access, to download there
> and run remotely one of those rootkit detection tools?
> Would its findings be surely accurate?
>
> Generally speaking, how does one handle these issues on
> remote systems?
> Thanks in advance for any comment,
Hello,
You may be interested in Osiris:
<http://osiris.shmoo.com/data/osiris-4.1.5.tar.gz>
It uses a client-server model to perform host integrity checking.
The osiris daemon on your VPS communicates securely with a
monitor console application at your location.
Come to think of it, it's a lot like how commercial alarm systems
work.
Also I have found both chkrootkit and rkhunter useful; they are
not as smart as a real person but may help warn you that you
should check the system, like a check engine light inside a car...
> Marco
>
- Mike