Latest LQ Deal: Latest LQ Deals
Go Back > Forums > Linux Forums > Linux - Security
User Name
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.


  Search this Thread
Old 08-17-2010, 10:04 PM   #1
Registered: Oct 2005
Posts: 335

Rep: Reputation: 32
file integrity check

I need to monitor a file if its being modified and if yes, I need to execute a script. Would anyone recommend any tools besides tripwire that is capable of doing this. If there are simple commands or linux commands other than installing third party software,please let me know. Otherwise, I'll try to install open source software that you would recommend.
Old 08-18-2010, 12:05 AM   #2
Senior Member
Registered: Sep 2009
Location: Raleigh, NC
Distribution: Kubuntu x64, Raspbian, CentOS
Posts: 1,862
Blog Entries: 36

Rep: Reputation: 469Reputation: 469Reputation: 469Reputation: 469Reputation: 469
Create a script which calculates the md5sum of the file initially.

After that use md5sum to check if the file has changed in an infinite loop with the script waiting for a given time interval.

Give the script some sort of stop mechanism.

Start attempting to write a script to do that. If you get stuck then post what you have and we users can help you make it work or to refine it to work better.


Last edited by sag47; 08-18-2010 at 12:07 AM.
Old 08-18-2010, 12:09 AM   #3
Registered: Oct 2005
Posts: 335

Original Poster
Rep: Reputation: 32

Yes. Currently making script right now using md5sum and will just compare the output.

Just wandering if there are already tools available on the net that I haven't stumble yet.

I'm checking afick but it seems it was for generating reports only.
Old 08-18-2010, 06:09 PM   #4
Senior Member
Registered: Nov 2004
Location: Texas
Distribution: RHEL, Scientific Linux, Debian, Fedora
Posts: 3,935
Blog Entries: 5

Rep: Reputation: Disabled
If by "being modified" you mean you are concerned with changes in content, ownership, permissions, inode, et al., then you might consider a very simple configuration of a HIDS like aide.

If all you really care about is content, then a cryptographic hash is perfect. Initialize it once, and check it regularly with a cronjob. Be sure to check out openssl's dgst(1). Recent implementations should support sha512.
Old 08-18-2010, 09:11 PM   #5
Senior Member
Registered: Jun 2008
Distribution: debian, ubuntu, sidux
Posts: 1,126
Blog Entries: 2

Rep: Reputation: 124Reputation: 124
if you know a bit of C you can use the inotify routines to actively tell you when the file(s) get modified


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
How can I check the integrity Mandriva ISO file alejandroye Mandriva 2 07-11-2010 06:47 PM
File Integrity Check of Proftpd linuxsrc Linux - Software 2 03-04-2008 07:24 PM
File Integrity Check of Proftpd linuxsrc Linux - Software 2 03-03-2008 03:04 AM
File System Integrity Check Palula Linux - Newbie 13 08-07-2005 04:07 AM > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 08:43 AM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration