Seek script to monitor sizes of list of files and send alert if size changes
Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Seek script to monitor sizes of list of files and send alert if size changes
I am looking for a utility that would do the following:
1. Be run manually on a list of files whose sizes should not change, to get a control file containing the sizes of each file.
2. Subsequent manual runs would report any changes in size of any of the files in the list, and allow option to accept the new sizes.
3. Be run as a cron job to check for changes in the file sizes and send an email alert if a change has occurred since the last time it was run.
The purpose is to detect possible hacks of key files on a website. It would not include files expected to change, but just those that should not change. It would be run manually a few times to get the control list one wants to monitor.
I have looked at Monit but it seems like overkill unless I can find a lot easier way to install and use it on my site. Any suggestions?
There are several tools you can use to monitor files, watch, inotify, audit, ... But I think for the simple use you need it would be simpler to just write a script that checks either the size, modification time/date, md5 hash or other things, whatever you need. Store the information you want to check in a file and at a chosen time interval loop through that file to check the values of the file against what's in that file.
As with all script request here at LQ you'll need to put in the work and show us what you've got written already and where it's failing or where you're encountering problems.
Aide, Samhain, hell even tripwire would do. Wrt purpose and "detecting hacks of key files" please don't mistake the script you intend to use for proper security. Any add-ons like alerting should be preceded by proper hardening. Security should not be an afterthought and it should be more than running a wee script.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.