%%
%%
-\section*{Using Bacula to Improve Computer Security}
-\label{_ChapterStart45}
+% TODO: this chapter name is confusing ... maybe rename to
+% TODO: "File Integrity Checking with Bacula"?
+\chapter{Using Bacula to Improve Computer Security}
+\label{VerifyChapter}
\index[general]{Security!Using Bacula to Improve Computer }
\index[general]{Using Bacula to Improve Computer Security }
-\addcontentsline{toc}{section}{Using Bacula to Improve Computer Security}
+% TODO: only those two digest algorithms?
+% TODO: can it use multiple at a time? (record and use both SHA1 and MD5?)
Since Bacula maintains a catalog of files, their attributes, and either SHA1
or MD5 signatures, it can be an ideal tool for improving computer security.
This is done by making a snapshot of your system files with a {\bf Verify} Job
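Review bot: The label rename from `_ChapterStart45` to `VerifyChapter` at the top of this hunk will leave any `\ref{_ChapterStart45}` elsewhere in the manual undefined, and nothing in the visible lines updates such references; search the tree for the old label and fix those in the same commit. Separately, the two new TODOs about digest algorithms sit directly above the sentence stating "either SHA1 or MD5 signatures"; readers use that sentence to pick a signature option for integrity checking, so settle the question in the text rather than leaving it as a source comment.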
comparison options on the {\bf Include} statements that you use in the {\bf
FileSet} resource of your {\bf Catalog} Jobs.
-\subsection*{The Details}
+\section{The Details}
\index[general]{Details }
-\addcontentsline{toc}{subsection}{Details}
In the discussion that follows, we will make reference to the Verify
Configuration Example that is included below in the {\bf A Verify
changed, you will be notified, and you can determine if it changed because you
loaded a new package, or because someone has broken into your computer and
modified your files. The example below shows a list of files that I use on my
-RedHat 7.3 system. Since I didn't spend a lot of time working on it, it
+Red Hat 7.3 system. Since I didn't spend a lot of time working on it, it
probably is missing a few important files (if you find one, please send it to
me). On the other hand, as long as I don't load any new packages, none of
these files change during normal operation of the system.
-\subsection*{Running the Verify}
+\section{Running the Verify}
\index[general]{Running the Verify }
\index[general]{Verify!Running the }
-\addcontentsline{toc}{subsection}{Running the Verify}
The first thing you will want to do is to run an {\bf InitCatalog} level
Verify Job. This will initialize the catalog to contain the file information
Verify {\bf Catalog} which will be the default. No differences should be
found.
-\subsection*{What To Do When Differences Are Found}
+\section{What To Do When Differences Are Found}
\index[general]{What To Do When Differences Are Found }
\index[general]{Found!What To Do When Differences Are }
-\addcontentsline{toc}{subsection}{What To Do When Differences Are Found}
If you have setup your messages correctly, you should be notified if there are
any differences and exactly what they are. For example, below is the email
to modify the {\bf FileSet} to exclude that file (or not to Include it), and
then re-run the {\bf InitCatalog}.
-The FileSet that is shown below is what I use on my RedHat 7.3 system. With a
+The FileSet that is shown below is what I use on my Red Hat 7.3 system. With a
bit more thought, you can probably add quite a number of additional files that
should be monitored.
-\subsection*{A Verify Configuration Example}
+\section{A Verify Configuration Example}
\index[general]{Verify Configuration Example }
\index[general]{Example!Verify Configuration }
-\addcontentsline{toc}{subsection}{Verify Configuration Example}
\footnotesize
\begin{verbatim}
#
FileSet {
Name = "Verify Set"
- Include = verify=pins1 signature=SHA1 {
- /boot
- /bin
- /sbin
- /usr/bin
- /lib
- /root/.ssh
- /home/kern/.ssh
- /var/named
- /etc/sysconfig
- /etc/ssh
- /etc/security
- /etc/exports
- /etc/rc.d/init.d
- /etc/sendmail.cf
- /etc/sysctl.conf
- /etc/services
- /etc/xinetd.d
- /etc/hosts.allow
- /etc/hosts.deny
- /etc/hosts
- /etc/modules.conf
- /etc/named.conf
- /etc/pam.d
- /etc/resolv.conf
+ Include {
+ Options {
+ verify=pins1
+ signature=SHA1
+ }
+ File = /boot
+ File = /bin
+ File = /sbin
+ File = /usr/bin
+ File = /lib
+ File = /root/.ssh
+ File = /home/kern/.ssh
+ File = /var/named
+ File = /etc/sysconfig
+ File = /etc/ssh
+ File = /etc/security
+ File = /etc/exports
+ File = /etc/rc.d/init.d
+ File = /etc/sendmail.cf
+ File = /etc/sysctl.conf
+ File = /etc/services
+ File = /etc/xinetd.d
+ File = /etc/hosts.allow
+ File = /etc/hosts.deny
+ File = /etc/hosts
+ File = /etc/modules.conf
+ File = /etc/named.conf
+ File = /etc/pam.d
+ File = /etc/resolv.conf
}
Exclude = { }
-}
+P
Client {
Name = MatouVerify
Address = lmatou
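Review bot: The FileSet is no longer closed: after `Exclude = { }` the line `-}` is replaced by `+P`, which looks like a stray keystroke, so the `Client {` resource that follows now begins inside an unterminated FileSet and the example is broken for anyone who copies it. Restore the closing `}` there. Also, `Include` moves to the `Options { ... }` plus `File =` form while the empty `Exclude = { }` keeps the old form; convert or drop it so the example shows one syntax.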