ICU 0.3 review
ICU (Integrity Checking Utility) is a Perl program used for executing AIDE filesystem integrity checks on remote hosts from an ICU server and sending reports via email. This is done with help from SSH.
The main goal is to make it easy to set up AIDE on new hosts and to check many hosts automatically as cron jobs from a central server. The ideas are taken from ICS (Integrity Checking Server) by Rickard Cedergren, which does pretty much the same thing for Tripwire; ICU adds a few enhancements of its own. You should have some knowledge of AIDE, because you have to build AIDE binaries and write default configurations for each architecture/operating system you want to use as an ICU client. Basic sample configuration files for different operating systems are provided.
ICU is useful if you have several hosts and want to run AIDE on them in an easy and (kind of) secure way (read the comments in the README about the security model before relying on it). Once an ICU server is up and running it only takes seconds to add a new client. It can also serve as a central service in organisations with local administrators, which is mostly what ICU was created for. Before executing the filesystem check, the ICU server compares the remote files (the AIDE binary, configuration and database) against the copies it stores locally and reports if any of them has changed. The ICU server also keeps log files of all changes, so if the remote host is compromised and the report is deleted there, a copy is still available on the server for investigation.
What's New in This Release:
The configuration file parser has been moved to an external module (which will always be shipped with the ICU distribution). A couple of bugs in it, triggered by self-referencing or cross-referencing variables, have been fixed.
Timestamp format in ICU's logs changed to be same as in syslog.
Also changed timestamp format in the filenames of the databases etc.
Removed a couple of obsolete OpenSSH options from ICU.conf (so make sure you're running a recent version of OpenSSH on the ICU server).
If the database or configuration has changed on the remote host, the copy saved on the ICU server now also carries ...-MD5-mismatch-... in its filename, just as the binary already did.
Usage of File::Copy instead of /bin/cp.
A few other minor fixes.
Documentation updates.
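The comparison step described above (remote binary, configuration and database checked against the server's stored copies, with mismatching files preserved under a ...-MD5-mismatch-... name and a syslog-style log line written) is shown here as an added example. It is not ICU's own code: ICU is written in Perl and fetches the files over SSH, whereas this Python sketch works on byte strings constructed inline so it runs offline. The artifact names, the exact filename layout, the host name and the function names are assumptions for illustration.

```python
import hashlib
import datetime

# Constructed sample data (not real AIDE files): the copies the server keeps
# locally and the copies fetched back from the client before a check runs.
# Only aide.conf differs, simulating an edit made on the remote host.
LOCAL_COPIES = {
    "aide": b"\x7fELF stand-in for the AIDE binary",
    "aide.conf": b"database=file:/var/lib/aide/aide.db\n",
    "aide.db": b"@@begin_db\n/bin/ls stand-in entry\n@@end_db\n",
}
REMOTE_COPIES = {
    "aide": b"\x7fELF stand-in for the AIDE binary",
    "aide.conf": b"database=file:/var/lib/aide/aide.db\n!/var/log\n",
    "aide.db": b"@@begin_db\n/bin/ls stand-in entry\n@@end_db\n",
}

# Assumed artifact names; ICU's real names may differ.
ARTIFACTS = ("aide", "aide.conf", "aide.db")


def md5_hex(data: bytes) -> str:
    """Hex MD5 digest, the checksum ICU 0.3 uses to detect changed files."""
    return hashlib.md5(data).hexdigest()


def syslog_timestamp(when: datetime.datetime) -> str:
    """'Mon DD HH:MM:SS' with a space-padded day, as syslog writes it."""
    return f"{when:%b} {when.day:2d} {when:%H:%M:%S}"


def saved_name(host: str, artifact: str, when: datetime.datetime, mismatch: bool) -> str:
    """Filename for the copy stored on the server.

    The '-MD5-mismatch-' marker follows the page; the rest of the layout and
    the YYYYmmdd-HHMMSS stamp are assumptions for this example.
    """
    stamp = when.strftime("%Y%m%d-%H%M%S")
    marker = "-MD5-mismatch-" if mismatch else "-"
    return f"{host}-{artifact}{marker}{stamp}"


def verify_client(host, local, remote, when):
    """Compare each remote artifact with the stored copy.

    Returns (all_match, log_lines, saved_files). Every mismatching remote
    copy is kept under a marker filename so it survives tampering on the
    client; log lines are what would go to the server's ICU log.
    """
    log, saved, all_match = [], {}, True
    for name in ARTIFACTS:
        local_sum = md5_hex(local[name])
        remote_sum = md5_hex(remote[name])
        if local_sum == remote_sum:
            log.append(f"{syslog_timestamp(when)} {host} {name}: MD5 ok")
            continue
        all_match = False
        fname = saved_name(host, name, when, mismatch=True)
        saved[fname] = remote[name]
        log.append(
            f"{syslog_timestamp(when)} {host} {name}: MD5 mismatch "
            f"(stored {local_sum}, remote {remote_sum}), saved as {fname}"
        )
    return all_match, log, saved


if __name__ == "__main__":
    now = datetime.datetime(2003, 5, 7, 14, 3, 9)
    ok, lines, kept = verify_client("client1", LOCAL_COPIES, REMOTE_COPIES, now)
    for line in lines:
        print(line)
    print("proceed with check:", ok, "| preserved copies:", list(kept))
```

A modern implementation would swap MD5 for SHA-256 (or compare full file contents, which a fetched copy already allows); the marker name is kept here only because it is what ICU 0.3 writes. Whether the server still runs the AIDE check after a mismatch is a policy decision left to the caller; the page only says that the mismatch is reported and logged.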