Re: does any program to monitor files on a linux shared host?

[BH <lists () blackhat bz>]

If the site is important, please please please consider a VPS or 
dedicated server. I would never use shared hosting for an important 
site, a _LOT_ of people seem to deploy a Joomla/Wordpress/<Insert 
CMS/Forum/etc.> and then leave it with no updates.

With that out of the way, it would be trivial to write a perl script 
that recurses doing an md5 of files to compare to another file or 
database and check for extra files. You should be able to run that as a 
cron then. Depending on how paranoid, do an import with a known good 
copy of the database/file and script to ensure that nothing has changed 
and the hashes just updated by the attacker.

If you are running a VPS or dedicated server I would recommend using 
ossec for this task. I was interested in doing this exact task and moved 
all of my sites onto a few VPS's around the place and use ossec as it 
does this exact job perfectly.


On 22/09/2011 9:36 PM, Ali Asghar Toraby Parizy wrote:
> Hi
> I have a site that is performed on linux server
> (www.inmotionhosting.com) . The only tool that I can use is cpanel,
> because it is a shared host.
> I'm going to find a program to monitor files in shared host? I don't
> know what is the name of the such program. But I'm looking for a
> program like SIEM for shared http servers. I want know wich file is
> accessed without sufficient authorizations. does exsit any program to
> do this on a linux shared host?
> Who can help me?
>
> ------------------------------------------------------------------------
> Securing Apache Web Server with thawte Digital Certificate
> In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
> it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
> install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
> highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.
>
> http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
> ------------------------------------------------------------------------


------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------