[ale] monitoring a web page

Bob Toxen transam at verysecurelinux.com
Thu Mar 23 13:51:50 EST 2006


On Wed, Mar 22, 2006 at 10:22:51AM -0500, Mike Fletcher wrote:
> On Mar 22, 2006, at 7:54 AM, Paul Cartwright wrote:
> > I have a need to monitor a web page, and all of the linux software I
> > have found has been ancient, non-supported, or I couldn't install it
> > ( wrong java, no java...)
> > anyone have something that works???
...

> Simple solution is to write a cron job that uses wget or curl to grab  
> the page and MD5s the contents.  Compare that against a saved md5 and  
> send email if it's different.  It'd then save off the current hash  
> for the next run.
You do NOT want to just compare checksums (cryptographic hashes using
md5sum or sha1sum or sha2sum to be technical) because that will cause
too many "false positive" alerts when someone changes the line

     The meeeting starts at 7pm

to

     The meeting starts at 7pm

That will cause you ignore the rare "checksum has changed" when the page
is changed to

     Screw you!  You are 0wn3d by Hackers, Inc.!


This is one of the failings of most commercial packages, including
Tripwire, that are too cheap to store a copy of the pages.  My solution,
discussed in my book, emails a "diff" of the pages that will show such
issues immediately.

Bob Toxen
bob at verysecurelinux.com               [Please use for email to me]
http://www.verysecurelinux.com        [Network&Linux/Unix security consulting]
http://www.realworldlinuxsecurity.com [My book:"Real World Linux Security 2/e"]
Quality Linux & UNIX security and SysAdmin & software consulting since 1990.

"Microsoft: Unsafe at any clock speed!"
   -- Bob Toxen 10/03/2002



More information about the Ale mailing list