"Total control" List of apps


Post by ayu »

I like to have as much control as possible, I like to be notified when something happens to my machines, any changes at all that might need my attention as fast as possible.

And I like to have it all in one secure place.
So I'm setting up my home server to be my eyes and ears on my network as well as outside of it.

This is the list of services I am going to install or have already installed to accomplish my goals:

Snort - Network IDS
OSSEC - IDS/Monitoring
Nagios - Monitoring/Alert
ip personality - Mask/Spoof traffic characteristics to lure scanners
VMware - to jail services that I don't trust (like teamspeak)

Anything more that could be fun/useful?

Going to insert a wireless card later and monitor wireless net here as well ... just for fun x)
"The best place to hide a tree, is in a forest"


Post by bad_brain »

you might want to take a look at grsecurity:
http://www.grsecurity.net
it's actually a set of patches that provide a lot of extra kernel features in order to secure a system...:)

Post by ayu »

ooo nice =o
"The best place to hide a tree, is in a forest"


Post by shabs »

Don't know OSSEC's features but how about adding Tripwire as well?


Post by crashacid »

"as well as outside of it."
Installing this software and you are outside... I am confused, how will you have the control being outside?
Hatred fuels knowledge


Post by maboroshi »

Have you thought about creating a SHA or MD5 of your files on your file system? I wrote a Python script that can accomplish this. For really large files, or a lot of them, not sure how long it would take :-P But if you just had a small or medium-sized directory that needed to be hashed to be compared against, this may work.

Code:

import hashlib
import os

def md5_for_file(f, excludeLine=b"", includeLine=b""):
    # MD5 over the file's lines; lines starting with excludeLine are skipped
    # and includeLine is mixed in at the end.
    m = hashlib.md5()
    try:
        fd = open(f, "rb")
    except IOError:
        print("Unable to open the file in readmode:", f)
        return
    eachLine = fd.readline()
    while eachLine:
        if not (excludeLine and eachLine.startswith(excludeLine)):
            m.update(eachLine)
        eachLine = fd.readline()
    m.update(includeLine)
    fd.close()
    return m.hexdigest()

def sha_for_file(f, excludeLine=b"", includeLine=b""):
    # Same as md5_for_file, but with SHA-224.
    s = hashlib.sha224()
    try:
        fd = open(f, "rb")
    except IOError:
        print("Unable to open the file in readmode:", f)
        return
    eachLine = fd.readline()
    while eachLine:
        if not (excludeLine and eachLine.startswith(excludeLine)):
            s.update(eachLine)
        eachLine = fd.readline()
    s.update(includeLine)
    fd.close()
    return s.hexdigest()


# entry, textbox and END belong to the GUI part of the app, which is not shown here.

def create():
    # One "digest path" line per file below the chosen directory.
    for root, dirs, files in os.walk(entry.get()):
        for name in files:
            filepath = os.path.join(root, name)
            textbox.insert(END, "%s %s" % (md5_for_file(filepath), filepath) + "\n")


def createsha():
    for root, dirs, files in os.walk(entry.get()):
        for name in files:
            filepath = os.path.join(root, name)
            textbox.insert(END, "%s %s" % (sha_for_file(filepath), filepath) + "\n")

just a thought I can send ya the app if ya like :-)


Post by maboroshi »

Also if you want a faster approach

just hash the directory structure

Code:

import hashlib
import os

# entry, textbox and END belong to the GUI part of the app, which is not shown here.

def create():
    # MD5 of each file's path (not of its content).
    global value
    for root, dirs, files in os.walk(entry.get()):
        for name in files:
            filepath = os.path.join(root, name)
            value = hashlib.md5(filepath.encode()).hexdigest()
            textbox.insert(END, value + "\n")


def createsha():
    # SHA-1 of each file's path (not of its content).
    global value
    for root, dirs, files in os.walk(entry.get()):
        for name in files:
            filepath = os.path.join(root, name)
            value = hashlib.sha1(filepath.encode()).hexdigest()
            textbox.insert(END, value + "\n")



Post by Big-E »

shabs wrote: Don't know OSSEC's features but how about adding Tripwire as well?

Well, originally the author of OSSEC was using Tripwire, but he had it deployed on about 120 servers, ranging from Linux to AIX systems. It simply did not scale and was horrible to manage. OSSEC is his solution to that problem; it does everything Tripwire does and more. :D


Post by bad_brain »

I've used Tripwire for a while, and it is really not very comfy to use.
the point is that when you think your system was compromised and a rootkit might have been installed you can't trust anything on that system anymore, including tripwire....at least the latest generation of rootkits can trick tripwire.

so the best (and imo only) way is to analyze the whole HDD from another (clean) system.
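
An added example, not part of the original thread or any poster's code: a baseline-and-compare check that puts the content-hash and name-only approaches from the posts above side by side, with paths stored relative to the scanned root so the same baseline can be checked against the disk mounted on a clean system. All function names and the sample tree are made up for illustration, and the baseline is assumed to be kept off the monitored machine.

```python
import hashlib
import os
import tempfile
from pathlib import Path

def file_digest(path, chunk=1 << 20):
    h = hashlib.sha256()
    with open(path, "rb") as fd:
        while block := fd.read(chunk):  # chunked read keeps memory use flat
            h.update(block)
    return h.hexdigest()

def build_manifest(root):
    """Map each file's path relative to root to a digest of its content."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root)
            # Record a symlink's target text instead of following it: an
            # absolute link would resolve against the analysis host's files.
            manifest[rel] = ("link:" + os.readlink(full)
                             if os.path.islink(full) else file_digest(full))
    return manifest

def path_only_digest(manifest):
    """Digest of the sorted file names only (the faster structure-only check)."""
    return hashlib.sha256("\n".join(sorted(manifest)).encode()).hexdigest()

def diff_manifests(baseline, current):
    """Files added, removed and modified since the baseline was taken."""
    return {"added": sorted(set(current) - set(baseline)),
            "removed": sorted(set(baseline) - set(current)),
            "modified": sorted(p for p in baseline.keys() & current.keys()
                               if baseline[p] != current[p])}

def demo():
    """Constructed sample tree: baseline it, change it, compare."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "bin").mkdir()
        (root / "bin/login").write_bytes(b"original")
        (root / "motd").write_bytes(b"hello")
        baseline = build_manifest(root)
        (root / "bin/login").write_bytes(b"changed")  # same name, new content
        same_names = path_only_digest(baseline) == path_only_digest(build_manifest(root))
        (root / "bin/.hidden").write_bytes(b"x")
        (root / "motd").unlink()
        return same_names, diff_manifests(baseline, build_manifest(root))
```

In `demo()` the name-only digest is unchanged after `bin/login` is overwritten, while the content manifest reports it as modified. For the offline check, run `build_manifest` on the suspect disk's mount point from the clean system and compare against the stored baseline.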