[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

RFS: The STEALTH File Integrity Checker

Dear list / Debian Sponsors,

    I'm looking for a sponsor and advocate for my program STEALTH. You'll find
the details about STEALTH below. Don't hesitate to contact me if there are any
questions or remarks related to STEALTH.

Package:            stealth
License:            Academic Free License
Location:           http://stealth.sourceforge.net/
Short Description:  A stealthy File Integrity Checker
Current Version:    1.42

Long Description:

 The STEALTH program performs File Integrity Checks on (remote) clients. It
 differs from other File Integrity Checkers by not requiring baseline
 integrity data to be kept on either write-only media or in the client's file
 system. In fact, client's will contain hardly any indication at all that they
 are being monitored, thus improving the stealthiness of the integrity scans.

 STEALTH uses standard available software to perform file integrity checks
 (like find(1) and md5sum(1)). Using individualized policy files, it is highly
 adaptable to the specific requirements of its clients.

 In production environments STEALTH should be run from an isolated computer
 (called the `STEALTH monitor').  In optimal configurations the STEALTH
 monitor should be a computer not accepting incoming connections. The account
 used to connect to its clients does not have to be `root': usually
 read-access to the client's file system is enough to perform a full integrity
 check. Instead of using `root' a more restrictive administrative or
 ordinary account might offer all requirements for the desired integrity

 STEALTH itself must communicate with the computers it should monitor. It is
 essential that this communication is secure, and STEALTH configurations will
 therefore normally specify SSH as the command-shell to use to connect to its
 clients. STEALTH may be configured so as to use but one SSH connection per
 client, even if integrity scans are to be performed repeatedly. Apart from
 this, the STEALTH monitor might be allowed to send e-mail to remote clients
 system's maintainers.

 STEALTH-runs itself may start randomly within specified intervals. The
 resulting unpredicability of STEALTH-runs further increases STEALTH's

 STEALTH's acronym is expanded to `Ssh-based Trust Enforcement Acquired
 through a Locally Trusted Host': the client's trust is enforced, the locally
 trusted host is the STEALTH monitor.

 In 2004, STEALTH was presented at the 15th FIRST congress in Ottawa, Canada.

 The package builds lintian and linda clean. 

 STEALTH requires libbobcat1 to run and libbobcat1-dev to compile. Libbobcat
was submitted with a `Request For Sponsor' separately.

About the author:

    dr. Frank B. Brokken is security manager and lecturer (C/C++) at the
University of Groningen, the Netherlands. Together with Karel Kubat he wrote
the program icmake (an article about icmake was published in the very first
issue of `The Linux Journal') and the pre-document language `Yodl'. Both
are available as Debian packages. Frank also wrote an published an extenstive
tutorial on C++, the C++ Annotations, which is found at
http://www.icce.rug.nl/documents/cplusplus. More information about his C++
course is found at http://www.icce.rug.nl/edu.

    In his spare time Frank is a professional flight instructor.

    Frank B. Brokken
    Computing Center, University of Groningen
    (+31) 50 363 9281
    Public PGP key: http://pgp.surfnet.nl:11371/
    Key Fingerprint: 8E36 9FC4 1DAA FCDF 1A0D  B19F DAC4 BE50 38C6 6170

Attachment: signature.asc
Description: Digital signature

Reply to: