LinuxQuestions.org
Old 06-21-2011, 06:37 PM   #1
Jbone78
LQ Newbie
 
Registered: Jun 2011
Distribution: SUSE 10 sp3
Posts: 1

Rep: Reputation: Disabled
HELP ME!! with Security


Hello, I have been asked to help set up security monitoring on Linux systems.

I have currently created baseline files using the following commands:

find / -perm -4000
find / -perm -2000

What I want to do is create a crontab that would either check for a change in filesize or do a diff (not sure what would be the best route).

Can someone please give me some pointers?

Thanks
 
Old 06-21-2011, 06:51 PM   #2
chrism01
LQ Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.9, Centos 7.3
Posts: 17,412

Rep: Reputation: 2397
You're going to need these

http://rute.2038bug.com/index.html.gz
http://www.adminschoice.com/docs/cro...Crontab%20file
http://tldp.org/LDP/Bash-Beginners-G...tml/index.html
http://www.tldp.org/LDP/abs/html/
www.linuxtopia.org

Please add the distro name and version of Linux you are running to your profile.
Try
Code:
cat /etc/*release*
uname -a
lsb_release -a

Note that you do not want to monitor filesize changes on files that you know will change rapidly/frequently (usually most stuff under /var, especially /var/log). Also, ignore /proc; it's just a window into the kernel.
Pre-built tools include Tripwire, Samhain etc; see the Security Forum.
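
An added example, not part of the original posts: a minimal cron-driven check along the lines discussed in this thread. It records each SUID/SGID file's mode, owner and SHA-256 (so a same-size replacement is still caught) and diffs that against a stored baseline. It assumes GNU find, stat and sha256sum; the function names and the paths in the crontab comment are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): SUID/SGID baseline check for cron.
# Assumes GNU find, stat, sha256sum and diff. Hypothetical crontab line:
#   0 * * * * /usr/local/sbin/suid-check.sh check / /var/lib/suid.baseline

# Print one line per setuid/setgid regular file under $1:
#   <octal mode> <uid>:<gid> <sha256> <path>
# -xdev keeps find on one filesystem, so /proc and other mounts are skipped;
# run it once per mounted filesystem that should be covered.
# Paths containing newlines are not handled.
suid_snapshot() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null |
    LC_ALL=C sort |
    while IFS= read -r f; do
        meta=$(stat -c '%a %u:%g' "$f" 2>/dev/null) || continue
        sum=$(sha256sum "$f" 2>/dev/null | cut -d' ' -f1)
        printf '%s %s %s\n' "$meta" "${sum:-unreadable}" "$f"
    done
}

# Compare a fresh snapshot of $1 with the baseline file $2.
# Returns 0 if identical, 1 if a file was added, removed or altered,
# 2 on error. The unified diff goes to stdout, so cron can mail it.
suid_check() {
    cur=$(mktemp) || return 2
    suid_snapshot "$1" > "$cur"
    diff -u "$2" "$cur" && rc=0 || rc=$?
    rm -f "$cur"
    return "$rc"
}

# CLI: "init ROOT BASELINE" records the baseline, "check ROOT BASELINE" compares.
case "${1-}" in
    init)  suid_snapshot "$2" > "$3" ;;
    check) suid_check "$2" "$3" ;;
esac
```

Store the baseline where the monitored host cannot rewrite it (read-only media or another machine), since a root-level intruder can otherwise regenerate it.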
 
Old 06-21-2011, 06:54 PM   #3
Tinkster
Moderator
 
Registered: Apr 2002
Location: in a fallen world
Distribution: slackware by choice, others too :} ... android.
Posts: 23,067
Blog Entries: 11

Rep: Reputation: 910
Hi, welcome to LQ!


Quote:
Originally Posted by Jbone78
Hello, I have been asked to help set up security monitoring on Linux systems.

I have currently created baseline files using the following commands:

find / -perm -4000
find / -perm -2000

What I want to do is create a crontab that would either check for a change in filesize or do a diff (not sure what would be the best route).

Can someone please give me some pointers?

Thanks
Why re-invent the wheel? Install AIDE or samhain, and be merry.



Cheers,
Tink
 
1 members found this post helpful.
Old 06-21-2011, 07:17 PM   #4
TB0ne
LQ Guru
 
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 19,272

Rep: Reputation: 4441
Quote:
Originally Posted by Tinkster
Hi, welcome to LQ!
Why re-invent the wheel? Install AIDE or samhain, and be merry.
Agreed...and Tripwire (mentioned previously), is also great, and my personal favorite.
 
1 members found this post helpful.
Old 06-21-2011, 07:21 PM   #5
Tinkster
Moderator
 
Registered: Apr 2002
Location: in a fallen world
Distribution: slackware by choice, others too :} ... android.
Posts: 23,067
Blog Entries: 11

Rep: Reputation: 910
Quote:
Originally Posted by TB0ne
Agreed...and Tripwire (mentioned previously), is also great, and my personal favorite.
Wow ... when did tripwire get forked into an OpenSource branch?
I was going to go off on a ramble about its licence, but it
appears it's GPLed?


Cheers,
Tink
 
Old 06-21-2011, 07:25 PM   #6
chrism01
LQ Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.9, Centos 7.3
Posts: 17,412

Rep: Reputation: 2397
Actually, I just took that off the top of my head. When I saw your post I thought maybe I should have said AIDE... Anyway, if the OP comes back, he should get the hint after this lot.
 
  

