I am looking for a utility that would do the following:

1. Be run manually on a list of files whose sizes should not change, to get a control file containing the sizes of each file.

2. Subsequent manual runs would report any changes in size of any of the files in the list, and allow option to accept the new sizes.

3. Be run as a cron job to check for changes in the file sizes and send an email alert if a change has occurred since the last time it was run.

The purpose is to detect possible hacks of key files on a website. It would not include files expected to change, but just those that should not change. It would be run manually a few times to get the control list one wants to monitor.

I have looked at Monit but it seems like overkill unless I can find a lot easier way to install and use it on my site. Any suggestions?

http://aide.sourceforge.net/

AIDE will do this.

Hello,

There are several tools you can use to monitor files, watch, inotify, audit, ... But I think for the simple use you need it would be simpler to just write a script that checks either the size, modification time/date, md5 hash or other things, whatever you need. Store the information you want to check in a file and at a chosen time interval loop through that file to check the values of the file against what's in that file.

As with all script request here at LQ you'll need to put in the work and show us what you've got written already and where it's failing or where you're encountering problems.

Kind regards,

Eric

Aide, Samhain, hell even tripwire would do. Wrt purpose and "detecting hacks of key files" please don't mistake the script you intend to use for proper security. Any add-ons like alerting should be preceded by proper hardening. Security should not be an afterthought and it should be more than running a wee script.

Would you like to know more?..

1 members found this post helpful.