Chapter 6: Kick-starting `stealth'

Here are the steps to take to kick-start stealth

Install the stealth Debian package stealth_4.01.10_i386.deb and thus accept the provided binary program (skipping the next series of steps) or do not accept the provided binary, and compile stealth yourself, as per the following steps:
Unpack stealth_4.01.10.tar.gz: tar xzvf tealth_4.01.10.tar.gz
cd stealth;
Inspect, and where necessary modify the values of the variables in the files INSTALL.cf and icmconf;
Install a recent Gnu g++ compiler;
Install the bobcat library (both the binary and development version) (https://fbb-git.github.io/bobcat/);
Install the icmake program (https://fbb-git.github.io/icmake/);
Run `./build program strip' to compile stealth;
Run (probably as root) `./build install program' to install;
Optionally install documentation. See section 2.1.

Following the installation the stealth directory tree has become superfluous and can safely be removed.

Next, do:

cp share/usr/bin/stealthmail /usr/local/bin
mkdir /root/stealth
cp documentation/example-policies/localhost.pol /root/stealth

ssh and bash (or another shell program) should be available. root@localhost should be able to login at localhost using ssh root@localhost, using the /bin/bash. Check (as `root') at least

    ssh root@localhost

as this might ask you for a confirmation that you've got the correct host. Now, run

    stealth /root/stealth/localhost.pol

to initialize the stealth-report files for localhost. This initializes the report for

all root setuid/setgid executable files on localhost,
and for all files under /etc/ on localhost.

The mail-report is sent to root@localhost.

Now change or add or remove one of these files, and rerun stealth. The file /tmp/stealth-4.01.10.mail should reflect these changes.