LinuxQuestions.org - I'm wanting to know how I can find "every change" that occurs to the system after ins

- Linux - Software (https://www.linuxquestions.org/questions/linux-software-2/)

- - I'm wanting to know how I can find "every change" that occurs to the system after ins (https://www.linuxquestions.org/questions/linux-software-2/im-wanting-to-know-how-i-can-find-every-change-that-occurs-to-the-system-after-ins-4175529193/)

steelheat

12-24-2014 11:50 PM

I'm wanting to know how I can find "every change" that occurs to the system after ins

I'm wanting to know how I can find "every change" that occurs to the system after installing a program.

In other words, is there a program(s) or commands that I can run before and
after installing software, that will find all the changes to the system and
all the new files that have been installed?

astrogeek

12-24-2014 11:58 PM

I do that at times using this:

Code:

tree -aifFD -I 'home|tmp|sys|proc|root' / >pre_tree



... install things here...



tree -aifFD -I 'home|tmp|sys|proc|root' / >post_tree



sdiff -s pre_tree post_tree > diff_tree

The -I list is directories to NOT include, adjust to your needs.

The file diff_tree will provide the list of everything that has changed.

steelheat

12-26-2014 10:24 PM

Thank you astrogeek!
I will be trying your code out and will get back to you soon I hope!

Thanks for giving me something to check out my system with.sh

jpollard

12-26-2014 11:06 PM

You might also check with your distribution and see if it has "tripwire" available.

Tripwire (the program not the company) is a file monitoring tool that does much more than just check access/modification dates. It can take a cryptographic checksum of the file and check to see if any file is modified, even if the dates on the file don't change.

It will detect silent data corruption as well as unauthorized changes...

All times are GMT -5. The time now is 02:13 AM.