LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 08-17-2010, 10:04 PM   #1
packets
Member
 
Registered: Oct 2005
Posts: 280

Rep: Reputation: 30
file integrity check


I need to monitor a file if its being modified and if yes, I need to execute a script. Would anyone recommend any tools besides tripwire that is capable of doing this. If there are simple commands or linux commands other than installing third party software,please let me know. Otherwise, I'll try to install open source software that you would recommend.
 
Old 08-18-2010, 12:05 AM   #2
sag47
Senior Member
 
Registered: Sep 2009
Location: Philly, PA
Distribution: Kubuntu x64, RHEL, Fedora Core, FreeBSD, Windows x64
Posts: 1,421
Blog Entries: 33

Rep: Reputation: 355Reputation: 355Reputation: 355Reputation: 355
Create a script which calculates the md5sum of the file initially.

After that use md5sum to check if the file has changed in an infinite loop with the script waiting for a given time interval.

Give the script some sort of stop mechanism.

Start attempting to write a script to do that. If you get stuck then post what you have and we users can help you make it work or to refine it to work better.

SAM

Last edited by sag47; 08-18-2010 at 12:07 AM.
 
Old 08-18-2010, 12:09 AM   #3
packets
Member
 
Registered: Oct 2005
Posts: 280

Original Poster
Rep: Reputation: 30
@sag47

Yes. Currently making script right now using md5sum and will just compare the output.

Just wandering if there are already tools available on the net that I haven't stumble yet.

I'm checking afick but it seems it was for generating reports only.
 
Old 08-18-2010, 06:09 PM   #4
anomie
Senior Member
 
Registered: Nov 2004
Location: Texas
Distribution: RHEL, Scientific Linux, Debian, Fedora, Lubuntu, FreeBSD
Posts: 3,930
Blog Entries: 5

Rep: Reputation: Disabled
If by "being modified" you mean you are concerned with changes in content, ownership, permissions, inode, et al., then you might consider a very simple configuration of a HIDS like aide.

If all you really care about is content, then a cryptographic hash is perfect. Initialize it once, and check it regularly with a cronjob. Be sure to check out openssl's dgst(1). Recent implementations should support sha512.
 
Old 08-18-2010, 09:11 PM   #5
estabroo
Senior Member
 
Registered: Jun 2008
Distribution: debian, ubuntu, sidux
Posts: 1,094
Blog Entries: 2

Rep: Reputation: 111Reputation: 111
if you know a bit of C you can use the inotify routines to actively tell you when the file(s) get modified
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
How can I check the integrity Mandriva ISO file alejandroye Mandriva 2 07-11-2010 06:47 PM
File Integrity Check of Proftpd linuxsrc Linux - Software 2 03-04-2008 07:24 PM
File Integrity Check of Proftpd linuxsrc Linux - Software 2 03-03-2008 03:04 AM
File System Integrity Check Palula Linux - Newbie 13 08-07-2005 04:07 AM


All times are GMT -5. The time now is 03:54 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration