Chapter 1: Introduction

Welcome to stealth. The program stealth implements a file integrity scanner. The acronym stealth can be expanded to

SSH-based Trust Enforcement Acquired through a Locally Trusted Host.

This expansion contains the following key terms:

stealth is based on an idea by Hans Gankema and Kees Visser, both at the Center for Information Technology of the University of Groningen.

stealth's main task is to perform file integrity tests. However, the testing leaves virtually no traces on the tested computer, which gives stealth its stealthy characteristics. I consider this an important security-improving feature of stealth.

The controller itself only needs two kinds of outgoing services: ssh(1) to reach its clients, and some mail transport agent (e.g., sendmail(1)) to forward its outgoing mail to some mail-hub.

Here is what happens when stealth is run:

Alternatively, the command-line options --reload, --rerun, --suspend, --resume and --terminate may be provided to communicate with an existing stealth daemon. These options require just one argument: the pathname of the pid-file of a running stealth daemon.

The options --suspend and --rerun (see section 5.7) were implemented to allow safe rotations of stealth's report file.

1.1: What's new in Stealth V.3.00.00