LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 08-17-2010, 10:04 PM   #1
packets
Member
 
Registered: Oct 2005
Posts: 339

Rep: Reputation: 32
file integrity check


I need to monitor a file if its being modified and if yes, I need to execute a script. Would anyone recommend any tools besides tripwire that is capable of doing this. If there are simple commands or linux commands other than installing third party software,please let me know. Otherwise, I'll try to install open source software that you would recommend.
 
Old 08-18-2010, 12:05 AM   #2
sag47
Senior Member
 
Registered: Sep 2009
Location: Raleigh, NC
Distribution: Ubuntu, PopOS, Raspbian
Posts: 1,899
Blog Entries: 36

Rep: Reputation: 477Reputation: 477Reputation: 477Reputation: 477Reputation: 477
Create a script which calculates the md5sum of the file initially.

After that use md5sum to check if the file has changed in an infinite loop with the script waiting for a given time interval.

Give the script some sort of stop mechanism.

Start attempting to write a script to do that. If you get stuck then post what you have and we users can help you make it work or to refine it to work better.

SAM

Last edited by sag47; 08-18-2010 at 12:07 AM.
 
Old 08-18-2010, 12:09 AM   #3
packets
Member
 
Registered: Oct 2005
Posts: 339

Original Poster
Rep: Reputation: 32
@sag47

Yes. Currently making script right now using md5sum and will just compare the output.

Just wandering if there are already tools available on the net that I haven't stumble yet.

I'm checking afick but it seems it was for generating reports only.
 
Old 08-18-2010, 06:09 PM   #4
anomie
Senior Member
 
Registered: Nov 2004
Location: Texas
Distribution: RHEL, Scientific Linux, Debian, Fedora
Posts: 3,935
Blog Entries: 5

Rep: Reputation: Disabled
If by "being modified" you mean you are concerned with changes in content, ownership, permissions, inode, et al., then you might consider a very simple configuration of a HIDS like aide.

If all you really care about is content, then a cryptographic hash is perfect. Initialize it once, and check it regularly with a cronjob. Be sure to check out openssl's dgst(1). Recent implementations should support sha512.
 
Old 08-18-2010, 09:11 PM   #5
estabroo
Senior Member
 
Registered: Jun 2008
Distribution: debian, ubuntu, sidux
Posts: 1,126
Blog Entries: 2

Rep: Reputation: 124Reputation: 124
if you know a bit of C you can use the inotify routines to actively tell you when the file(s) get modified
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
How can I check the integrity Mandriva ISO file alejandroye Mandriva 2 07-11-2010 06:47 PM
File Integrity Check of Proftpd linuxsrc Linux - Software 2 03-04-2008 07:24 PM
File Integrity Check of Proftpd linuxsrc Linux - Software 2 03-03-2008 03:04 AM
File System Integrity Check Palula Linux - Newbie 13 08-07-2005 04:07 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 07:44 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration