vicidial.org

Is there any way to setup a report that will display the following from phpmyadmin but with an automatic refresh rate to watch for hacking attempts on the DB?



Is there already a way to do this?

Also I have asked before but no responded, what about generating a report with the VB-Firewall that shows in real time anyone trying to hack into the system? A monitoring tool if you will.

Thanks,

-Nox

Any ideas for this Matt?

I would consider these specific requests outside of the scope of VICIdial itself, since they don't directly involve VICIdial. I'm sure there are utilities somewhere that can do this already, even if they're just plugins to Nagios or iCinga.

ok cool thx

We have done something like this, though we are not collecting this info on a database or dashboard.

1. Build a custom dashboard woth related fields like server IP.”, time of attack etc. Make it the way it accepts http post with parameters
2. Work with your linux magic to run a api post on the db events you want to log on the dashboard.

3. Watch the dashboard and enjoy.

Its much easier to use Nagios for this job and it also sends realtime email alerts for the same. But $2000 for 100 endpoints look too expensive for me lol..

carpenox wrote:Is there any way to setup a report that will display the following from phpmyadmin but with an automatic refresh rate to watch for hacking attempts on the DB?



Is there already a way to do this?

Also I have asked before but no responded, what about generating a report with the VB-Firewall that shows in real time anyone trying to hack into the system? A monitoring tool if you will.

Thanks,

-Nox

agreed for sure

I know vicihost has a NOC product they use. I think it has some sort of status check as well. Adding

Code: Select all

mysql -u cron -p\$VARDB_pass -e "show status like '%Aborted%'";

with some modifications to include other requested values would be fairly easy.

In our case, we run this directly in our ServerWatch package along with several others that are similar.

But ... we also lock the IP of each of the servers into the Database server so no other IPs can even make a request. Since all the servers are whitelisted, gaining access to the database would require being "allowed in" to at least one server and then taking over that server to make DB requests from it.

However, merely making a web page with these values showing and perhaps an alert if any of the values begin to climb, would be quite valuable. Whether it was an indication of attack or system failure ... either way it would be useful. Not a bad idea. At that point either add an auto-refresh feature to the page, or run it with a cron job and have the page generate an email if the values change (the ones that shouldn't at least).