[CentOS] Suggested way to remotely monitor servers and networks these days?

Thu May 24 00:36:11 UTC 2007
Dexter Ang <thepoch at gmail.com>

Hi folks,

I'm just wondering what is the recommended way of monitoring servers and
networks remotely. My current setup is to install and configure cacti and
nagios. I've set these up to require SSL. This way, I can easily go to them
and login from wherever I am and monitor (almost) everything I need to
monitor.

The problem is that leaving cacti open was the most stupid thing I've done.
After checking /var/log/httpd/error_log, I saw that someone exploited a
cacti php file and the result was:

--08:13:11--  http://psaico.host.sk/desk.pl
           => `/tmp/desk.pl'
Resolving psaico.host.sk... 62.168.109.150
Connecting to psaico.host.sk|62.168.109.150|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 20,144 (20K) [text/x-perl]

    0K .......... .........                                  100%   28.26KB/s

08:13:13 (28.26 KB/s) - `/tmp/desk.pl' saved [20144/20144]

which immediately downloaded ShellBOT to /tmp and executed it. It was a good
thing I caught this as early as I did. So, what's everyone elses solution
these days? Or is it simply a matter of creating a /tmp partition and
mounting it noexec?

On a side note... anyone with experience with ShellBOT? From research, it
seems to attempt to connect to an IRC server upon running. So if my outgoing
connections are secured by iptables, can I assume it never got connected at
all? I'll probably try this out someday but just looking for a quick
experienced answer.

Thanks!

dex
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.centos.org/pipermail/centos/attachments/20070524/fc916a85/attachment-0004.html>