etch  ] [  etch-m68k  ] [  lenny  ] [  squeeze  ] [  sid  ]
[ Source: stealth  ]

Package: stealth (1.47.3-1)

A stealthy File Integrity Checker

The STEALTH program performs File Integrity Checks on (remote) clients. It differs from other File Integrity Checkers by not requiring baseline integrity data to be kept on either write-only media or in the client's file system. In fact, client's will contain hardly any indication at all that they are being monitored, thus improving the stealthiness of the integrity scans.

STEALTH uses standard available software to perform file integrity checks (like find(1) and md5sum(1)). Using individualized policy files, it is highly adaptable to the specific requirements of its clients.

In production environments STEALTH should be run from an isolated computer (called the `STEALTH monitor'). In optimal configurations the STEALTH monitor should be a computer not accepting incoming connections. The account used to connect to its clients does not have to be `root': usually read-access to the client's file system is enough to perform a full integrity check. Instead of using `root' a more restrictive administrative or ordinary account might offer all requirements for the desired integrity check.

STEALTH itself must communicate with the computers it should monitor. It is essential that this communication is secure, and STEALTH configurations will therefore normally specify SSH as the command-shell to use to connect to its clients. STEALTH may be configured so as to use but one SSH connection per client, even if integrity scans are to be performed repeatedly. Apart from this, the STEALTH monitor might be allowed to send e-mail to remote clients system's maintainers.

STEALTH-runs itself may start randomly within specified intervals. The resulting unpredicability of STEALTH-runs further increases STEALTH's stealthiness.

STEALTH's acronym is expanded to `Ssh-based Trust Enforcement Acquired through a Locally Trusted Host': the client's trust is enforced, the locally trusted host is the STEALTH monitor.

Tags: System Administration: Logging, Monitoring, Implemented in: C++, User Interface: Command Line, Daemon, Role: Program, Security: File Integrity, Purpose: Checking, Monitoring

Other Packages Related to stealth

  • depends
  • recommends
  • suggests
  • dep: libbobcat2 (>= 2.01.0) [not kfreebsd-amd64, kfreebsd-i386, m68k]
    run-time (shared) Bobcat library
    dep: libbobcat2 (>= 2.01.1) [m68k]
    dep: libbobcat2 (>= 2.02.03) [kfreebsd-amd64, kfreebsd-i386]
  • dep: libc0.1 (>= 2.3) [kfreebsd-amd64, kfreebsd-i386]
    GNU C Library: Shared libraries
    also a virtual package provided by libc0.1-udeb
  • dep: libc6 (>= 2.1.3) [i386]
    GNU C Library: Shared libraries
    also a virtual package provided by libc6-udeb
    dep: libc6 (>= 2.2) [hppa, mips, mipsel]
    dep: libc6 (>= 2.2.5) [amd64]
    dep: libc6 (>= 2.4) [armel, powerpc, s390]
    dep: libc6 (>= 2.5-5) [m68k]
    dep: libc6 (>= 2.6) [sparc]
  • dep: libc6.1 (>= 2.2) [ia64]
    GNU C Library: Shared libraries
    also a virtual package provided by libc6.1-udeb
    dep: libc6.1 (>= 2.4) [alpha]
  • dep: libgcc1 (>= 1:4.1.1) [not armel, hppa, kfreebsd-amd64, kfreebsd-i386, m68k]
    GCC support library
    dep: libgcc1 (>= 1:4.3) [armel]
    dep: libgcc1 (>= 1:4.4) [kfreebsd-amd64, kfreebsd-i386]
  • dep: libgcc2 (>= 4.2.1) [m68k]
    Package not available
  • dep: libgcc4 (>= 4.1.1) [hppa]
    GCC support library
  • dep: libstdc++6 (>= 4.2.1) [not armel, kfreebsd-amd64, kfreebsd-i386]
    The GNU Standard C++ Library v3
    dep: libstdc++6 (>= 4.3) [armel]
    dep: libstdc++6 (>= 4.4) [kfreebsd-amd64, kfreebsd-i386]
  • dep: libunwind7 (>= 0.98.5-6) [ia64]
    A library to determine the call-chain of a program - runtime

Download stealth

Download for all available architectures
Architecture Package Size Installed Size Files
alpha 101.8 kB364 kB [list of files]
amd64 97.1 kB316 kB [list of files]
armel 90.0 kB272 kB [list of files]
hppa 108.6 kB356 kB [list of files]
i386 94.3 kB300 kB [list of files]
ia64 122.1 kB492 kB [list of files]
kfreebsd-amd64 97.4 kB258 kB [list of files]
kfreebsd-i386 94.2 kB242 kB [list of files]
m68k (unofficial port) 91.9 kB312 kB [list of files]
mips 96.4 kB412 kB [list of files]
mipsel 96.5 kB412 kB [list of files]
powerpc 101.2 kB324 kB [list of files]
s390 95.9 kB304 kB [list of files]
sparc 153.8 kB612 kB [list of files]