Mon, 2015-07-20 at 21:09 +0900, Tetsuo Handa wrote:
> Burn Alting wrote:
> > All,
> >
> > I am interested in any Linux based capability that will monitor
> > identified files and report on actual changes to the monitored file. I
> > know there are methods of recording that the file has been changed (e.g.
> > aide and/or monitor writes via auditd), but I want to know what has
> > changed ... basically something that would provide a 'diff' like output.
> >
> > Now there are tools like Samhain that will record the content changes of
> > a file that is <= 92000 bytes in size, but I am interested in a more
> > lightweight solution ... perhaps a simple inotify(7) based utility that
> > perhaps maintains a copy of the file(s) in core (in compressed format)
> > and based on inotify() returns checks for changes and reports (somehow
> > yet to be defined) the before/after changes.
> >
> > Is there anything 'out there' that list members are aware of?
>
> If you don't need to protect "copy of the file(s)" from malicious attacks,
> I think cvs / svn / git etc. would be sufficient.
>
> If you need to protect "copy of the file(s)" from malicious attacks,
> you would need to use access control mechanisms (e.g. SELinux).

Tetsuo,

I appreciate what you say, but I am looking at this problem from the point of view of

a. There is no central management of configuration files, which means git/puppet is not a viable solution.
b. The entity that will change the file is authorized to make the change. That is, I just want to know what has changed. I am assuming there are sufficient access control mechanisms to 'protect the file'.

Regards

--
Linux-audit mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/linux-audit
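
Added example, not part of the original thread and not written by either poster: a sketch of the core of the utility described in the quoted question, keeping a compressed in-core copy of each monitored file and producing a 'diff' like before/after report when the file is re-checked. The names `ContentWatcher`, `add`, `check` and `demo` are hypothetical, the sample file content is constructed, and it assumes the caller invokes `check()` when an inotify(7) event for the path arrives.

```python
import difflib
import os
import tempfile
import zlib


class ContentWatcher:
    """Keeps a zlib-compressed in-core copy per file; reports before/after diffs.

    Hypothetical helper: call check(path) from whatever delivers the
    inotify(7) event (e.g. IN_CLOSE_WRITE / IN_MOVED_TO on the parent dir).
    """

    def __init__(self):
        self._baseline = {}  # path -> compressed bytes of last seen content

    def add(self, path):
        with open(path, "rb") as fh:
            self._baseline[path] = zlib.compress(fh.read())

    def check(self, path):
        """Return a unified diff against the baseline, or '' if unchanged."""
        old = zlib.decompress(self._baseline[path])
        try:
            with open(path, "rb") as fh:
                new = fh.read()
        except FileNotFoundError:
            new = b""  # deletion is reported as every line removed
        if new == old:
            return ""  # event fired but content is identical (e.g. touch)
        self._baseline[path] = zlib.compress(new)  # roll the baseline forward
        before = old.decode("utf-8", "replace").splitlines()
        after = new.decode("utf-8", "replace").splitlines()
        return "\n".join(difflib.unified_diff(
            before, after, path + " (before)", path + " (after)", lineterm=""))


def demo():
    """Constructed sample: one setting flipped in a config-like file."""
    path = os.path.join(tempfile.mkdtemp(), "sample.conf")
    with open(path, "w") as fh:
        fh.write("Port 22\nPermitRootLogin no\nX11Forwarding no\n")
    watcher = ContentWatcher()
    watcher.add(path)
    with open(path, "w") as fh:
        fh.write("Port 22\nPermitRootLogin yes\nX11Forwarding no\n")
    return watcher.check(path)


if __name__ == "__main__":
    print(demo())
```

Because the baseline lives in the monitoring process's memory, it is only as trustworthy as that process, which matches the assumption in the reply that access control already protects the file.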
