Linux Archive


Bob Hoffman 06-21-2012 01:17 PM

reinventing the wheel? page checker
 
Not sure if there is an app like this yet.
I want to keep tabs on my web applications and thought of using a 'page
checker'.

I was thinking either running a sum on the directory or each file...but
thinking a simple date check would be fine.

The idea is that the web application, except the uploads area for photos, never
has changes to its files except when I change it.

However, if it gets injected or hacked, I would want to know right away.

So thinking of running a script every minute looking for files where the
date changed since 'x' date or something like that.

Anything out there like that?

thanks
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

06-21-2012 01:20 PM

reinventing the wheel? page checker
 
Bob Hoffman wrote:
> Not sure if there is an app like this yet.
> I want to keep tabs on my web applications and thought of using a 'page
> checker'/
>
> I was thinking either running a sum on the directory or each file...but
> thinking a simple date check would
> be fine.
>
> The idea is web application, except the uploads area for photos, never
> has changes to its files except when I change it.
>
> However, if it gets injected or hacked, I would want to know right away.
>
> So thinking of running a script every minute looking for files where the
> date changed since 'x' date or something like that.
>
> Anything out there like that?

chkrootkit?

mark


John Doe 06-21-2012 02:00 PM

reinventing the wheel? page checker
 
From: Bob Hoffman <bob@bobhoffman.com>

> So thinking of running a script every minute looking for files where the
> date changed since 'x' date or something like that.
> Anything out there like that?

You have inotify, which can monitor a directory for any change of the type you want.
Or make a script that "md5"s the files and diffs the results with a previous run:

    find "$DIR" -type f -exec md5sum {} +

JD

Les Mikesell 06-21-2012 03:00 PM

reinventing the wheel? page checker
 
On Thu, Jun 21, 2012 at 8:17 AM, Bob Hoffman <bob@bobhoffman.com> wrote:
> Not sure if there is an app like this yet.
> I want to keep tabs on my web applications and thought of using a 'page
> checker'/
>
> I was thinking either running a sum on the directory or each file...but
> thinking a simple date check would
> be fine.
>
> The idea is web application, except the uploads area for photos, never
> has changes to its files except when I change it.
>
> However, if it gets injected or hacked, I would want to know right away.
>
> So thinking of running a script every minute looking for files where the
> date changed since 'x' date or something like that.
>
> Anything out there like that?

One approach is to make the changes on a staging/test server, then
rsync them to the real server. Then 'rsync -nv --delete' will list
any changed files. The step beyond that is to commit all changes to
a version control system like subversion, check them out on the
staging box, then push to production with rsync - or update directly
to the tested revision on the production server(s). The version
control system will have its own commands to show changes from the
repository version.

--
Les Mikesell
lesmikesell@gmail.com

Keith Roberts 06-21-2012 04:44 PM

reinventing the wheel? page checker
 
On Thu, 21 Jun 2012, Bob Hoffman wrote:

> To: CentOS@centos.org
> From: Bob Hoffman <bob@bobhoffman.com>
> Subject: [CentOS] reinventing the wheel? page checker
>
> Not sure if there is an app like this yet.
> I want to keep tabs on my web applications and thought of using a 'page
> checker'/

*snip*

> Anything out there like that?

http://www.changedetection.com/

HTH,

Keith

-----------------------------------------------------------
Websites:
http://www.karsites.net
http://www.php-debuggers.net
http://www.raised-from-the-dead.org.uk

All email addresses are challenge-response protected with
TMDA [http://tmda.net]
-----------------------------------------------------------

Bob Hoffman 06-21-2012 09:59 PM

reinventing the wheel? page checker
 
On 6/21/2012 12:44 PM, Keith Roberts wrote:
> On Thu, 21 Jun 2012, Bob Hoffman wrote:
>
>> To: CentOS@centos.org
>> From: Bob Hoffman<bob@bobhoffman.com>
>> Subject: [CentOS] reinventing the wheel? page checker
>>
>> Not sure if there is an app like this yet.
>> I want to keep tabs on my web applications and thought of using a 'page
>> checker'/
> *snip*
>
>> Anything out there like that?
> http://www.changedetection.com/
>
> HTH,
>
> Keith
>
>
Thanks Keith, I see where you are going with that.
However I am going to be keeping an eye on all my files in the html
folder, along with those outside of it (ones you keep outside of html
for security), and my htaccessed admin areas and such...

Just gonna build a little script to SMS and email me if anything
changes. When I finally get around to doing it in the project I will
post what I did and how it worked.


Kahlil Hodgson 06-22-2012 01:34 AM

reinventing the wheel? page checker
 
On 22/06/12 07:59, Bob Hoffman wrote:
> On 6/21/2012 12:44 PM, Keith Roberts wrote:
>> On Thu, 21 Jun 2012, Bob Hoffman wrote:
>>
>>> To: CentOS@centos.org
>>> From: Bob Hoffman<bob@bobhoffman.com>
>>> Subject: [CentOS] reinventing the wheel? page checker
>>>
>>> Not sure if there is an app like this yet.
>>> I want to keep tabs on my web applications and thought of using a 'page
>>> checker'/
>> *snip*
>>
>>> Anything out there like that?
>> http://www.changedetection.com/
>>
>> HTH,
>>
>> Keith

If it's a security thing, you probably want a host-based IDS.

My current favourite is

Samhain (http://la-samhna.de/samhain/)

It is a little tricky to set up initially -- you have to read all the
documentation first and compile it specifically for your target (it is
aggressively paranoid) -- but it can be configured to use multiple
logging channels, it knows about ACLs and SELinux contexts, and version
3 uses inotify so resource impact is minimal. Also can be configured to
just look at your web root and ignore your uploads directory.

Kal
--
Kahlil (Kal) Hodgson GPG: C9A02289
Head of Technology (m) +61 (0) 4 2573 0382
DealMax Pty Ltd (w) +61 (0) 3 9008 5281

Suite 1415
401 Docklands Drive
Docklands VIC 3008 Australia

"All parts should go together without forcing. You must remember that
the parts you are reassembling were disassembled by you. Therefore,
if you can't get them together again, there must be a reason. By all
means, do not use a hammer." -- IBM maintenance manual, 1925



06-22-2012 01:50 PM

reinventing the wheel? page checker
 
Bob Hoffman wrote:
> On 6/21/2012 12:44 PM, Keith Roberts wrote:
>> On Thu, 21 Jun 2012, Bob Hoffman wrote:
>>> From: Bob Hoffman<bob@bobhoffman.com>
>>>
>>> Not sure if there is an app like this yet.
>>> I want to keep tabs on my web applications and thought of using a 'page
>>> checker'/
>> *snip*
>>
>>> Anything out there like that?
>> http://www.changedetection.com/
<snip>
As I said originally, you might want to check out rkhunter. It'll check
your system for rootkits, and once configured - which isn't a big deal,
just a configuration file - will complain when run if something's changed.
You can tell it to look at your web pages.

Another thing to consider (and I really, really don't enjoy suggesting
it), is selinux. Turn it on to at least permissive, and it'll bitch and
moan if something's changed. Turn it to enforcing, and *nothing* will be
allowed to be changed. It is, however, a royal pain to configure, esp.
when you want to be able to allow a directory for users to put pics.

mark



Markus Falb 06-22-2012 03:43 PM

reinventing the wheel? page checker
 
On 22.6.2012 03:34, Kahlil Hodgson wrote:

>>> On Thu, 21 Jun 2012, Bob Hoffman wrote:
>>>> Subject: [CentOS] reinventing the wheel? page checker

>>>> Not sure if there is an app like this yet.
>>>> I want to keep tabs on my web applications and thought of using a 'page
>>>> checker'/

> If its a security thing, you probably want an host based IDS.

I know this under the term file-based IDS, btw, in contrast to some
stuff that scans the network traffic.

> Samhain (http://la-samhna.de/samhain/)

tripwire and aide were two other examples and even with bacula you can
do this stuff.

All these tools scan the filesystem and store things like checksum,
ownership, size etc. in a database. One important feature in my opinion
is that the database is not stored on the client itself. You don't want
an intruder to get on that data, similar to why one wants a central
logserver.

It is to no avail to reinvent the wheel; there are plenty of tools for that.
--
Kind Regards, Markus Falb
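
The checksum-and-diff script suggested earlier in the thread, extended to record the metadata listed in this reply (checksum, ownership, size, plus mode) and to skip an uploads directory. This is an added example, not code from any poster; the function names and the tab-separated manifest format are assumptions, it uses SHA-256 in place of md5, and it needs GNU find, stat and sha256sum.

```shell
#!/bin/sh
# Added example (not from the thread); function names are hypothetical.

# snapshot DIR [EXCLUDE]
# Print "sha256<TAB>mode uid:gid size<TAB>path" for each regular file
# under DIR, skipping the EXCLUDE subdirectory (e.g. uploads).
# Paths containing tabs or newlines are not supported by this format.
snapshot() (
    cd "$1" || exit 1
    # With no EXCLUDE the pattern becomes ".//*", which matches nothing.
    find . -type f ! -path "./${2:-}/*" -exec sh -c '
        for f; do
            printf "%s\t%s\t%s\n" \
                "$(sha256sum < "$f" | cut -d" " -f1)" \
                "$(stat -c "%a %u:%g %s" "$f")" \
                "${f#./}"
        done' sh {} + | sort -t "$(printf '\t')" -k 3
)

# compare BASELINE CURRENT
# Print ADDED/CHANGED/REMOVED lines for paths that differ between two
# manifests. A content, mode, owner or size difference counts as CHANGED.
# Returns 0 when the manifests match and 1 when anything differs.
compare() {
    ! awk -F'\t' '
        FILENAME == ARGV[1]   { old[$3] = $1 FS $2; next }
        !($3 in old)          { print "ADDED " $3; next }
        old[$3] != ($1 FS $2) { print "CHANGED " $3 }
                              { seen[$3] = 1 }
        END { for (p in old) if (!(p in seen)) print "REMOVED " p }
    ' "$1" "$2" | sort | grep .
}

# Typical use (paths are placeholders): write the baseline right after a
# deploy and keep it off the web server, then from cron:
#   snapshot /path/to/webroot uploads > /tmp/now.tsv
#   compare /path/to/baseline.tsv /tmp/now.tsv || echo "webroot changed"
```

Because `compare` returns non-zero on any difference, the cron line can hand its output straight to whatever mail or SMS command is already in use.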


Bob Hoffman 06-22-2012 06:28 PM

reinventing the wheel? page checker
 
On 6/22/2012 9:50 AM, m.roth@5-cent.us wrote:
> Bob Hoffman wrote:
>> On 6/21/2012 12:44 PM, Keith Roberts wrote:
>>> On Thu, 21 Jun 2012, Bob Hoffman wrote:
>>>> From: Bob Hoffman<bob@bobhoffman.com>
>>>>
>>>> Not sure if there is an app like this yet.
>>>> I want to keep tabs on my web applications and thought of using a 'page
>>>> checker'/
>>> *snip*
>>>
>>>> Anything out there like that?
>>> http://www.changedetection.com/
> <snip>
> As I said originally, you might want to check out rkhunter. It'll check
> your system for rootkits, and once configured - which isn't a big deal,
> just a configuration file - will complain when run if something's changed.
> You can tell it to look at your web pages.
>
> Another thing to consider (and I really, really don't enjoy suggesting
> it), is selinux. Turn it on to at least permissive, and it'll bitch and
> moan if something's changed. Turn it to enforcing, and *nothing* will be
> allowed to be changed. It is, however, a royal pain to configure, esp.
> when you want to be able to allow a directory for users to put pics.
>
> mark
>
Would love to use SELinux. I searched high and low for any kind of
manual and there was none.
Most of the information online was for versions that were not on CentOS
6, and little info on CentOS 6.
I am considering going back to it for the virtual hosts, dns servers,
but for production web servers I think it will take a long time.
I know that fail2ban will not work properly with it in any case, as per
their own website.

It seems that to run the webservers SELinux wants me to allow a ton of
privileges to apache, the ftp user, and a bunch of other things...seems
like that defeats the purpose. And a script injection will have all
those privileges.

I wish I had the time and knowledge to implement it...and add it to my
handbook, but on a webserver that is doing mail ins, mail outs, httpd,
mysql, php, self made scripts, fail2ban, and a host of other programs
it seems like it requires an experienced hand at it. Or a book.
Neither of which are available to me.

Who knows, once I figure out the multi_mysql back up, amanda, then I may
go for it.

One thing I learned...SELinux in permissive mode only gives a warning
once for an issue...and never again. Makes it hard to play with it that
way, would prefer a constant error variable to keep them coming.

Well. We derailed.

