Security Basics mailing list archives

finding bad things and centralizing security


From: "Strider" <strider () chatcircuit com>
Date: Mon, 21 Apr 2003 18:59:35 -0500 (Central Daylight Time)

 I manage 10 servers, each hosting a large number of virtual servers using
cPanel. The service is growing fairly rapidly so I need to know the best way
to centralize management of the security and the services on the servers,
such as periodic security audits, monitoring processes (such as
server daemons), generating reports, so on and so forth. Snort is great for
reporting intrusion attempts, and tripwire for reporting unusual filesystem
activity, but not when you get several to sift through. I've seen many, such
as demarc's puresecure, but I am on a tight budget.
 
Also, the "finding bad things" part of this email, lately we've been hit
with users who are installing scripts with the purpose of exploiting their
bugs, and installing things like bindtty and cgi.pl (a shell through cgi
script), in order to do other bad things, including root attempts (albeit
unsuccessful). Is there a way to scan for these things and have either some
kind of automated action or a report sent via email? What I'd like to scan
for is the bugged scripts as well as the exploits (similar to chkrootkit,
except including the site scripts).

Thanks in advance.
 
Beau (Strider) Steward
strider () chatcircuit com
http://www.arteryplanet.net
http://www.chatcircuit.com
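
One way to do the name-based scan and e-mailed report the message asks about, as an added example that is not part of the original post. The watchlist holds only the two file names the post mentions; the function names, the sample tree with accounts `alice` and `bob`, and the availability of `sha256sum` and `mailx` are assumptions. Each report line starts with the host name so output from several servers can be concatenated into one report.

```shell
#!/bin/sh
# Added example: watchlist scan of user web directories.
# WATCHLIST holds the two file names mentioned in the post; extend it locally.
WATCHLIST="bindtty cgi.pl"

# scan_tree ROOT: one tab-separated line per hit:
# host, matched name, owner, size in bytes, sha256, path
scan_tree() {
    root=$1
    host=$(uname -n)
    for name in $WATCHLIST; do
        # -type f skips directories and symlinks; -name matches the exact basename
        find "$root" -type f -name "$name" 2>/dev/null |
        while IFS= read -r path; do
            owner=$(ls -ld "$path" | awk '{print $3}')
            size=$(wc -c < "$path" | tr -d ' ')
            sum=$(sha256sum "$path" | awk '{print $1}')   # assumes GNU coreutils
            printf '%s\t%s\t%s\t%s\t%s\t%s\n' \
                "$host" "$name" "$owner" "$size" "$sum" "$path"
        done
    done
}

# mail_report ROOT ADDR: send the report only when there is at least one hit.
# ADDR is supplied by the caller; mailx must be installed and configured.
mail_report() {
    hits=$(scan_tree "$1")
    [ -z "$hits" ] || printf '%s\n' "$hits" |
        mailx -s "watchlist hits on $(uname -n)" "$2"
}

# make_sample DIR: constructed test tree with fake accounts alice and bob
make_sample() {
    mkdir -p "$1/alice/public_html/cgi-bin" "$1/bob/public_html/tmp"
    echo '#!/usr/bin/perl' > "$1/alice/public_html/cgi-bin/cgi.pl"
    echo 'placeholder'     > "$1/bob/public_html/tmp/bindtty"
    echo '<html></html>'   > "$1/bob/public_html/index.html"
    echo '# not a hit'     > "$1/alice/public_html/mycgi.pl"
}

# Stand-alone run: scan the directory given as $1, or the constructed sample
if [ -n "${1:-}" ]; then
    scan_tree "$1"
else
    d=$(mktemp -d); make_sample "$d"; scan_tree "$d"; rm -rf "$d"
fi
```

A name match is only a lead for triage: renamed files are missed and legitimate files that share a name are reported, so the owner, size and hash columns are there to compare hits across accounts and servers.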

