server monitoring scripts for shared hosting?

Lisa Kachold foobar at it-clowns.com
Sat Nov 22 15:24:25 MST 2014 

You can use this tool to recognize and search CSV's for exploits and
advisories:  http://cvechecker.sourceforge.net/

Of course, I would also look for new files or changed files (and this
doesn't require tripwaire):

https://github.com/gruntjs/grunt-contrib-watch - run tasks when files
change (like email yourself or tar them up and move to a directory outside
of webroot).

You can instantly audit all of your current installed web versions with a
simple scheduled search of the SecurityTracker site (either manually or via
a script emailing you the output of curl/wget ):
http://securitytracker.com/  They also have a commercial SERVICE that will
alert you when any alerts related to your LIST are posted, if you don't
want to manage cvechecker or your own scripts.

There are also some interesting projects, like inotify (
http://inotify.aiken.cz/) but if you don't have root access, you are not
going to be able to apt-get/yum install much.

Whatever open ports you serve to the PUBLIC MUST be IDS/IPS protected at
all times - on a small scale, that can be IPTABLES for SYN and/or
mod_security; and your monitoring might include such great projects as
suricata (with libhtp) that use the snort detection files (since that
project has been purchased by Cisco) and actually works well using memory
quite differently.

The bottom line is you must take security responsibility and I expect that
greater liability will be levied for sites/owners that fail to do so in the
future.








On Sat, Nov 22, 2014 at 7:17 AM, Keith Smith <techlists at phpcoderusa.com>
wrote:

> I agree with most of what you say.  The down side is what we saw with the
> Drupal exploit.  It goes viral and if you are not quick enough you can get
> hit.  My point is the exploits become common knowledge. The bad hackers can
> automate looking for an exploit.  That is a side effect of open source.
>
> I was not saying it was open source's fault that I tend to set and forget
> - that is on me.
>
> I was not thinking proprietary vs open source I was thinking custom built
> (using open source such as PHP, Perl...etc) vs open source apps.
>
> And I agree open source is great!!
>
>
>
>
> On 2014-11-20 11:24, Nathan England wrote:
>
>> On the contrary, "security" is the *upside* of open source. Issues get
>> found and typically resolved quickly, many times within hours, as
>> compared to other companies...
>>
>> http://www.theverge.com/2014/11/12/7202801/microsoft-
>> patches-critical-19-year-old-windows-bug
>>
>> Setting and forgetting a piece of code on a machine somewhere does not
>> become the fault of open source when it is not updated. Proprietary
>> stuff has just as many problems, if not more. Oftentimes, the open
>> source code is a labor of love and someone, or a group of people, want
>> it to be awesome and perfect and not have issues, whereas the
>> proprietary code is put out by a clearing house that just wants to hit
>> a release date and they will fix bugs down the road... or in
>> Microsoft's case, 20 years down the road...
>>
>> Security is most definitely not a *downside* of open source.
>>
>>
>>
>>
>> On 2014-11-20 06:13, Keith Smith wrote:
>>
>>> Last time I checked Hostgator will give you shell access for a one
>>> time charge of $10 per virtual host on their reseller accounts.
>>>
>>> There is more to your story and a problem I would think some of us
>>> have.  I was bit by the recent Drupal exploit. Security is the down
>>> side of open source.  I was bit several years ago because of an
>>> exploit in an open source app.
>>>
>>> It literally feels like a war zone out there.  I recently found a
>>> Drupal install on one of my domains that I had forgotten I had put out
>>> there.
>>>
>>> I, like you David, tend to set it and forget it.  Not any more.
>>>
>>>
>>>
>>> On 2014-11-19 23:34, David Schwartz wrote:
>>>
>>>> It’s a shared (reseller) hosting account at HostGator.
>>>>
>>>> I can upload scripts and set them up to run under cron (via cPanel),
>>>> but I don’t have SSH access.
>>>>
>>>> -David
>>>>
>>>>  On Nov 19, 2014, at 9:51 PM, Eric Cope <eric.cope at gmail.com> wrote:
>>>>>
>>>>> can you install it locally? run it in userspace?
>>>>>
>>>>> On Wed, Nov 19, 2014 at 9:42 PM, David Schwartz
>>>>> <newsletters at thetoolwiz.com> wrote:
>>>>>
>>>>>  Does anybody know of any scripts like tripwire that are designed
>>>>>> to be installed on shared hosting accounts to alert you to
>>>>>> unexpected changes?
>>>>>>
>>>>>> Tripwire works by taking an inventory of the folders and files
>>>>>> you want to monitor. It then will do a scan periodically via a
>>>>>> cron entry and compare the file signatures with those recorded
>>>>>> previously, as well as the two sets of file lists. Any new,
>>>>>> modified, or deleted files will be reported to you via email or
>>>>>> something like that.
>>>>>>
>>>>>> Somebody hacked into one of my websites through an exploit on an
>>>>>> old WP plugin that I neglected to update. I have no idea when it
>>>>>> happened, but just learned about it last week. I don’t pay a lot
>>>>>> of attention to most of my sites, so I thought it would make sense
>>>>>> to install something like tripwire to look for unexpected changes.
>>>>>> (Tripwire itself needs to be installed in the root and needs root
>>>>>> access, AFAIK. Maybe not. Suggestions welcome!)
>>>>>>
>>>>>> -David
>>>>>>
>>>>>> ---------------------------------------------------
>>>>>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>>>>>> To subscribe, unsubscribe, or to change your mail settings:
>>>>>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss [1]
>>>>>>
>>>>>
>>>>> ---------------------------------------------------
>>>>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>>>>> To subscribe, unsubscribe, or to change your mail settings:
>>>>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss [1]
>>>>>
>>>>
>>>>
>>>>
>>>> Links:
>>>> ------
>>>> [1] http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>>>
>>>> ---------------------------------------------------
>>>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>>>> To subscribe, unsubscribe, or to change your mail settings:
>>>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>>>
>>>
>>
>> --
>> Regards,
>> Nathan England
>>
>> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>> NME Consulting Services http://www.nmecs.com
>> Nathan England ( nathan at nmecs.com )
>> Systems Administration / Web Application Development
>> Information Security Consulting
>> (480) 559.9681
>>
>> ---------------------------------------------------
>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>> To subscribe, unsubscribe, or to change your mail settings:
>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>
>
> --
> Keith Smith
>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20141122/2ecc25da/attachment.html>

More information about the PLUG-discuss mailing list