Availability and Security

When running a dedicated server, probably the most important aspect is availability, i.e. the constant and uninterrupted operation of all relevant services. Furthermore, data security and integrity are important to guarantee that no one has changed or deleted the data served or stored. This section gives an overview of the solutions used on incunabulum.de.

Availability

The availability of services is ensured using the monit system monitoring tool.

From the product page:

  monit is a utility for monitoring and managing daemons or 
  similar programs running on a Unix system. It will start 
  specified programs if they are not running and restart 
  programs not responding.

This tool regularly checks whether a process with a given pid file is alive and, if configured and possible, whether the corresponding ports are accessible. If a process is broken, monit restarts the service. monit also performs disk quota and memory usage checks.

The status of services etc. is available online via the status page or directly here

The configuration file is online for download

Furthermore, in case of errors, email notifications are sent to the defined mail addresses. For critical errors, mail is sent to an SMS forwarder so that instant and offline notification is possible.
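The checks described above, written out as a monit control file fragment. This is an added example, not the configuration used on incunabulum.de; the service names, pid file paths, init scripts, thresholds and mail addresses are constructed placeholders.

```monit
# Poll all services every 2 minutes (interval is an assumption).
set daemon 120

# Deliver alert mail through the local MTA.
set mailserver localhost

# Every event goes to the admin mailbox (placeholder address).
set alert admin@example.org

# Only critical events go to the SMS forwarder (placeholder address):
# a service that vanished or that monit gave up restarting.
set alert sms-gateway@example.org on { nonexist, timeout }

# Process check: pid file must point at a live process and the
# port must answer with the expected protocol, otherwise restart.
check process sshd with pidfile /var/run/sshd.pid
  start program = "/etc/init.d/ssh start"
  stop program  = "/etc/init.d/ssh stop"
  if failed port 22 protocol ssh then restart
  # Stop retrying a service that keeps failing; raises a timeout event.
  if 5 restarts within 5 cycles then timeout

check process apache with pidfile /var/run/apache2.pid
  start program = "/etc/init.d/apache2 start"
  stop program  = "/etc/init.d/apache2 stop"
  if failed host 127.0.0.1 port 80 protocol http then restart
  # Memory usage check: restart on sustained high usage,
  # counting the process and its children.
  if totalmem > 500 MB for 5 cycles then restart
  if 5 restarts within 5 cycles then timeout

# Disk usage check on the root filesystem.
check filesystem rootfs with path /
  if space usage > 90% then alert
  if inode usage > 90% then alert
```

The restart limit matters for alerting: without it a crash-looping service is restarted indefinitely and never produces the timeout event that the SMS address is subscribed to.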

Security

Snort

Snort is a sniffer and packet logger used for intrusion detection. All incoming traffic is scanned for possibly critical patterns. Warnings are given in case of suspicious packets.

From the package information:

   Snort is a libpcap-based packet sniffer/logger which can be used as a
   lightweight network intrusion detection system. It features rules
   based logging and can perform content searching/matching in addition
   to being used to detect a variety of other attacks and probes, such
   as buffer overflows, stealth port scans, CGI attacks, SMB probes, and
   much more. Snort has a real-time alerting capability, with alerts being
   sent to syslog, a separate "alert" file, or even to a Windows computer
   via Samba.

Currently all alert mails are sent to the local alert email account.

Other

Not implemented yet. Possible candidate solutions are samhain, aide, and integrit.