you don’t want the process restarted, just keeping an eye on the process table to see
whether the process has failed will be an indicator if something has happened to the
process.
Runaway processes can start chewing up processor resources. As a result, looking at
processor utilization and memory utilization is essential. This can be done using
open source monitoring utilities. You can also use commercial software or, in the case
of Windows or macOS, built-in operating system utilities for the monitoring. One
popular monitoring program is Nagios. On one of my virtual systems, I have Nagios
installed. In Figure 2-2, you can see the output of the monitoring of that host.
Without any additional configuration, Nagios monitors the number of processes,
processor utilization, and service state of both the SSH and HTTP servers.
Figure 2-2. Monitoring resources
If you aren’t getting the cooperation, for whatever reason, of the operations staff, and
you don’t have direct access to the systems under test, you may need to be able to
track at least the service state remotely. When you are using some of the network test
tools that we’ll be talking about here, they may stop getting responses from the
service being tested. This may or may not be a result of the service failing. It could be a
problem with the monitoring or it could be some security mechanism in place to shut
down network abuses. Manually verifying the service to ensure it is down is important.
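The remote check described above can be scripted so that each probe leaves a timestamped line for your notes. This is an added example, not code from the original text; the function names, the local stand-in listener, and its banner are constructed for illustration. It separates a refused connection (nothing listening) from no response at all, which may mean filtering rather than a failed service.

```python
import socket
import threading
import time

def check_service(host, port, timeout=3.0):
    """Make one TCP connection and classify the outcome for the test notes."""
    note = {"time": time.strftime("%Y-%m-%d %H:%M:%S"), "host": host,
            "port": port, "state": "", "banner": ""}
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            note["state"] = "responsive"
            sock.settimeout(min(timeout, 1.0))
            try:
                # SSH, SMTP and FTP send a banner first; HTTP stays silent.
                note["banner"] = sock.recv(128).decode("ascii", "replace").strip()
            except OSError:
                pass  # connected but silent still counts as responsive
    except ConnectionRefusedError:
        # The host answered, but nothing is listening: the service is down.
        note["state"] = "refused"
    except socket.timeout:
        # No answer at all: host down, packets filtered, or our source blocked.
        note["state"] = "no-response"
    except OSError as exc:
        note["state"] = "error: " + type(exc).__name__
    return note

def note_line(note):
    """Format a result as one line for the engagement notes."""
    line = "{time} {host}:{port} {state}".format(**note)
    return line + (' banner="%s"' % note["banner"] if note["banner"] else "")

def start_listener(banner):
    """Constructed stand-in for a service: serves one connection, then stops."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    def serve():
        conn, _ = srv.accept()
        srv.close()            # stop listening before answering the client
        conn.sendall(banner)
        conn.close()
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

if __name__ == "__main__":
    port = start_listener(b"SSH-2.0-constructed\r\n")   # constructed banner
    print(note_line(check_service("127.0.0.1", port)))  # service is up
    print(note_line(check_service("127.0.0.1", port)))  # listener is gone
```

A "no-response" result is the ambiguous one: it does not by itself show that the service failed.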
Essential to Reporting
When you are testing and you notice that a service has failed, make
sure you have noted, to the best of your ability, where the failure
occurred. Telling a customer or your employer that a service failed
isn’t very helpful because they won’t know how to fix it. Keeping
detailed notes will help you when you get to reporting so you can
tell them exactly what you were doing when the service failed if
they need to be able to recreate it in order to resolve the problem.
Manual testing can be done using a tool like netcat or even the telnet client. When
you connect to a service port by using one of these tools, you will get an indication as
to whether the service is responsive. Doing this manual verification, especially if it’s
done from a separate system to rule out being blocked or blacklisted, can help to rule
out false positives. Ultimately, a lot of security testing can come down to ruling out