Good sarc monitoring tip



Sarc is still in their month of daily security tips, and today’s is another good one. Today’s tip is about monitoring machines, particularly those that “defend” your network (mail antivirus scanners, proxy filters/scanners, etc.). The core of the advice is to not just ping: that only tells you whether the system exists and is online, not whether things are working. They suggest scripting tests (an antivirus scanner can be tested with the EICAR test signature, for instance). They note that this doesn’t tell you whether the AV scanner is updated. (I prefer a crontab output of the day’s updates; it looks like there were around 9 ClamAV signature updates yesterday.)


I know, some of you are thinking, “but I don’t want that much mail every day.” If you’re using a Linux-based system for monitoring, you can script things in a number of ways. You can have the monitoring run continually and not contact you unless there’s a problem. (I have a tendency to use temporary files to hold the status of a service and then compare the current result of a check to the last one in the temporary file. If the status has changed it will let me know; if all is the same I won’t be pestered by continual messages.) The only problem with this approach is if you start tuning out the messages because they’re too frequent. (That’s why it’s useful to improve your scripts to only notify you of changes.)
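One way to script the two ideas above, a functional scanner test plus notification only on status change, is sketched below. This is an added example, not code from the original post: the names `av_status`, `record_status`, `notify` and `STATE_DIR` are hypothetical, and it assumes a scanner with clamscan-style exit codes and an EICAR test file you supply yourself.

```shell
#!/bin/sh
# Added example (not from the original post). Function names, STATE_DIR and
# notify() are assumptions for illustration.

# Directory holding the last known status of each check. Kept out of
# world-writable /tmp so other local users cannot tamper with it.
STATE_DIR="${STATE_DIR:-$HOME/.monitor-state}"

# Stand-in for your real delivery method (mail, pager, chat hook).
notify() { echo "ALERT: $1"; }

# av_status SCANNER SAMPLE
# Runs SCANNER on SAMPLE (a file holding the EICAR test signature) and prints
# OK, MISSED or ERROR. Assumes clamscan-style exit codes:
# 0 = nothing found, 1 = signature found, anything else = scanner error.
av_status() {
    scanner=$1; sample=$2
    [ -r "$sample" ] || { echo "ERROR"; return 0; }
    rc=0
    "$scanner" "$sample" >/dev/null 2>&1 || rc=$?
    case $rc in
        1) echo "OK" ;;      # test signature was detected
        0) echo "MISSED" ;;  # scanner ran but let the sample through
        *) echo "ERROR" ;;   # scanner missing or failed to run
    esac
}

# record_status NAME STATUS
# Stores STATUS for NAME and notifies only when it differs from the last run.
# Returns 0 if a notification was sent, 1 if unchanged, 2 on a storage error.
record_status() {
    name=$1; status=$2
    file="$STATE_DIR/$name.status"
    mkdir -p "$STATE_DIR" || return 2
    last=$(cat "$file" 2>/dev/null || echo "UNKNOWN")
    [ "$status" = "$last" ] && return 1
    printf '%s\n' "$status" > "$file" || return 2
    notify "$name changed: $last -> $status"
    return 0
}

# Typical cron usage (sample path is a placeholder):
#   record_status mail-av "$(av_status clamscan /path/to/eicar.com)"
```

The first run reports a change from `UNKNOWN`, which confirms the check is wired up; after that the script stays silent until the scanner stops detecting the sample or stops running.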
