Stealth V. 1.47.4

Frank B. Brokken

Center for Information Technology, University of Groningen

2005-2009

Table of Contents

Chapter 1: Introduction

1.1: What's new in Stealth V.1.47.4

1.2: Stealth

1.2.1: The integrity of the stealth distribution

Chapter 2: Installation

2.1: Compiling and installing Stealth

Chapter 3: The `policy' file

3.1: DEFINE directives

3.2: USE directives

3.3: Commands

3.3.1: LABEL commands

3.3.2: LOCAL commands

3.3.3: REMOTE commands

3.3.4: Preventing Controller Denial of Service (--max-size)

Chapter 4: Granting access

4.0.1: The controller's user: creating an ssh-key

4.0.2: The client's account: accepting ssh from the controller's user

4.0.3: Logging into the account@client account

4.0.4: Using the proper shell

Chapter 5: Running `stealth'

5.1: Installing `stealth'

5.2: Construct one or more policy files

5.2.1: the DEFINE directives

5.2.2: the USE directives

5.2.3: the commands

5.2.3.1: Obtain the client's sha1sum program

5.2.3.2: Check the integrity of the client's sha1sum program

5.2.3.3: Check the client's /usr/bin/find command

5.2.3.4: Check the client's setuid/setgid files

5.2.3.5: Check the configuration files in the client's /etc/ directory

5.2.4: The complete `policy' file

5.3: Running `stealth' for the first time

5.3.1: The mailed report

5.3.2: Files under /root/stealth/client

5.4: Running `stealth' again: all files unaltered

5.5: Running `stealth' again: modifications have occurred

5.6: Failing LOCAL commands

5.7: Automating `stealth' runs using `cron'

5.8: Report File Rotation

5.8.1: Status file cleanup

5.8.2: Using `logrotate' to control report- and status files

Chapter 6: Kick starting `stealth'

Chapter 7: Usage info

Chapter 8: Errormessages