Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
Re: [suse-security] Recomendations for surveillance/configuration/heartbeat tool for remote servers
From: Armin Schoech (armin.schoechweb.de)
Date: Sun Jun 27 2004 - 15:55:10 CDT
first of all we would need to know which OS the remote servers are
running. If it is (SuSE) Linux, you should at least have SSH access on
port 22. Then you can tunnel all other applications through SSH (see
"man ssh" and the "-L/-R" options.
Installing VPN is more complicated and is (at least partly) dependent
on whether the servers are behind a NAT-router or not. SSH and
tunneling is more simple. You could run a VNC-server on the machines
to access the graphical screen (make it listen on localhost only and
tunnel port 5900 by SSH to get security+encryption also on VNC).
If you are running Windows on the servers, one option is to install
the Cygwin package (www.cygwin.com) and use the Cygwin SSH server for
access. Then run TightVNC on localhost only and tunnel port 5900 by
SSH for secure access.
The nice thing about SSH is that you need only one port through your
firewall(s)/router(s). Make sure each server has its own firewall and
allow SSH access only from your IP.
For "heartbeat" functionality, run a script on your server
that pings all servers and writes an email if the ping times out. If
ping (ICMP packages) are not able to reach the remote servers, you
could run a script on the remote server to send an email every 5min.
Use procmail on your site to process the incoming emails and notice
you when one of the server stops sending them.
Am Hasenberg 26 office: Institut für Atmosphärenphysik
D-18209 Bad Doberan Schloss-Straße 6
Tel. ++49-(0)38203/42137 D-18225 Kühlungsborn / GERMANY
Email: schoechiap-kborn.de Tel. +49-(0)38293-68-102
WWW: http://armins.cjb.net/ Fax. +49-(0)38293-68-50
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-helpsuse.com
Security-related bug reports go to securitysuse.de, not here