[CentOS] Suggested way to remotely monitor servers and networks these days?
Dexter Ang
thepoch at gmail.comThu May 24 00:36:11 UTC 2007
- Previous message: [CentOS] Source RPM -- need to rebuild ldap client tools
- Next message: [CentOS] Suggested way to remotely monitor servers and networks these days?
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Hi folks, I'm just wondering what is the recommended way of monitoring servers and networks remotely. My current setup is to install and configure cacti and nagios. I've set these up to require SSL. This way, I can easily go to them and login from wherever I am and monitor (almost) everything I need to monitor. The problem is that leaving cacti open was the most stupid thing I've done. After checking /var/log/httpd/error_log, I saw that someone exploited a cacti php file and the result was: --08:13:11-- http://psaico.host.sk/desk.pl => `/tmp/desk.pl' Resolving psaico.host.sk... 62.168.109.150 Connecting to psaico.host.sk|62.168.109.150|:80... connected. HTTP request sent, awaiting response... 200 OK Length: 20,144 (20K) [text/x-perl] 0K .......... ......... 100% 28.26KB/s 08:13:13 (28.26 KB/s) - `/tmp/desk.pl' saved [20144/20144] which immediately downloaded ShellBOT to /tmp and executed it. It was a good thing I caught this as early as I did. So, what's everyone elses solution these days? Or is it simply a matter of creating a /tmp partition and mounting it noexec? On a side note... anyone with experience with ShellBOT? From research, it seems to attempt to connect to an IRC server upon running. So if my outgoing connections are secured by iptables, can I assume it never got connected at all? I'll probably try this out someday but just looking for a quick experienced answer. Thanks! dex -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.centos.org/pipermail/centos/attachments/20070524/fc916a85/attachment.html>
- Previous message: [CentOS] Source RPM -- need to rebuild ldap client tools
- Next message: [CentOS] Suggested way to remotely monitor servers and networks these days?
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the CentOS mailing list