Detecting when you need to system rescue
Another problem I see more and more often is that less and less data is actually stored on traditional filesystems. Databases and NoSQL systems, such as MongoDB and Hadoop, are increasingly used to store data objects, and there's no easy way to apply tools like Open Source Tripwire or AIDE to them. Monitoring such systems for changes and integrity will require software that is not available yet. (Weirdly, I can't find anyone working on this, so let me know if you are!)
Even having a noisy system that you mostly ignore is better than having no detection at all. If a break-in or accident occurs, at least you'll be able to get some idea of the scope of it, and, if you're lucky, you'll be able to determine the actual damage and see how the breach occurred. Of course, these monitoring tools also need to be paired with a good data backup strategy so that you have something with which to restore your system.
Another benefit of tools like Open Source Tripwire and AIDE is that they can pinpoint exactly which files need to be restored (e.g., if files have the same hash value that they had last week, you don't need to worry) and thereby significantly reduce restore times.
- Open Source Tripwire: http://sourceforge.net/projects/tripwire/
- AIDE: http://aide.sourceforge.net/
- "Secure storage with GlusterFS" by Kurt Seifried, Linux Magazine, issue 153, August 2013: http://www.linux-magazine.com/Issues/2013/153/Security-Lessons-GlusterFS/(language)/eng-US
- "Kernel rootkits and countermeasures" by Jürgen Quade, Linux Magazine, issue 147, February 2013: http://www.linux-magazine.com/Issues/2013/147/Kernel-Rootkits/(language)/eng-US
- "Monitor file and directory activity with incron" by Paul Brown, Linux Magazine, issue 158, January 2014: http://www.linux-magazine.com/Issues/2014/158/Monitoring-with-incron/(language)/eng-US
Buy this article as PDF
Azure CTO says Redmond has already considered the unthinkable.
Lead developer quells rumors that the Debian version is slated for center stage.
MSBuild is now just another GitHub project as Redmond continues its path to the light.
Malware could pass data and commands between disconnected computers without leaving a trace on the network.
New rules emphasize collegiality in coding.
Upstart lands in the dust bin as a new era begins for Linux.
HP's annual Cyber Risk report offers a bleak look at the state of IT.
But what do the big numbers really mean?
.NET Core execution engine is the basis for cross-platform .NET implementations.
The Xnote trojan hides itself on the target system and will launch a variety of attacks on command.