Announcement

Collapse
No announcement yet.

Locking down the configuration

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

    Locking down the configuration

    Greetings,
    Is there any method to generate a CRC or some value that can show if the config has been changed ? Appreciate any ideas for having a virtual device as a CRC value or "Configuration Last Altered"

    Is there any plugin that might offer additional security related items.
    Thanks for any ideas you might have on this.

    #2
    Watching with interest

    Comment


      #3
      Interesting idea and not something I have seen mentioned before, just thinking though what bits do you actually wish to verify? Is it things like the config file for users to determine if new users have been added?

      The settings in the settings.ini file I would be wary of hashing because you don't know what HS does to the file legitimately which might create a false warning (it will update every time an event is run with a last run time which would throw out a hash). There may be keys out of this file worthy of checking though.

      The users.cfg file probably does not change and you could try and hash it, only issue is that this alone just records the users and encrypted passwords.

      The HS database is a non-starter, it is going to be changing that all of the time.

      There are methods for things like MD5 already in .net so it wouldn't be too difficult to create something however I think you would just need to be specific as to the parameters you wished to verify.

      Comment


        #4
        Originally posted by mrhappy View Post
        Interesting idea and not something I have seen mentioned before, just thinking though what bits do you actually wish to verify? Is it things like the config file for users to determine if new users have been added?

        The settings in the settings.ini file I would be wary of hashing because you don't know what HS does to the file legitimately which might create a false warning (it will update every time an event is run with a last run time which would throw out a hash). There may be keys out of this file worthy of checking though.

        The users.cfg file probably does not change and you could try and hash it, only issue is that this alone just records the users and encrypted passwords.

        The HS database is a non-starter, it is going to be changing that all of the time.

        There are methods for things like MD5 already in .net so it wouldn't be too difficult to create something however I think you would just need to be specific as to the parameters you wished to verify.
        Yes I thought the database would be impossible. Doesn't the written configuration of events remain static? I would like to know if an event was deleted or altered, and be able to call my attention to this via an event. This might be useful to have something in the startup script that compares old and new values to see if events or devices are missing. This has happened to me when restarting after a power failure in the days before my UPS arrived.

        The user data is another good idea and very timely with what I have heard about stray users appearing.

        A separate Watchdog utility similar to what iSpy uses would be nice. It is a separate process that restarts iSpy. The utility should have its own configuration so that it could send a notification like Pushover and respond if HS3 has stopped or is not running. Windows updates comes to mind here and so many times have had it update and reboot without my permission.

        Comment

        Working...
        X