Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Is there a way to keep a list of all installed files & folders that were installed originally by any Linux distribution so that I can keep tabs on changes to the file structure? What’s the best way to achieve this with and without installing any additional software? E.g. Is there a way I can keep tabs without say installing Tripwire?
Why would you not want to use a tool like tripwire that is specifically designed for that task? Granted, you could recursively md5sum the entire filesystem and catalog them into a database, but you'll soon find that some files on the system are much to dynamic for this to work (think of /proc or your logs for example), therefore you have to put some forethought into what should and shouldn't be monitored. If you don't like tripwire, there are a whole slew of file alteration detectors. You can find a very good list in Unspawn's Security References thread (follow the link in my sig if you haven't checked it out already).
It isn't that I don't want to use Tripwire. I was wondering if there were any other alternatives or the possibility of using a software that was built into the kernel. I will however have a look at UnSpawn's security thread. Thank you.
I don't know of anything that would be built into the kernel. I think the closest to that might be a package manager (like Redhat's RPM) which maintains a db of all RPMs you've installed. However that's limited to RPMs, so if you install anything from source or have users files, they won't be accounted for.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.