What if you add a daily cron with a command like this:
find /some/dir -mtime -1 -exec somescript.sh '{}' \;
Where /some/dir is the dir you want to watch, and somescript.sh is a
script that will email you when the file has changed. See "man find"
for more options. You can set it to ignore files based on wildcards.
Matias Gertel
On 10/06/2009, at 12:10 PM, chris burgess wrote:
Yes, tools like diff and md5 would work and I expect will form the
components of any solution. I figured that one of the popular IDS
mechanisms might be well tuned for this use case, and that there'd be
some folks on list using some similar solution (hand-rolled or of an
existing project).
Things like tripwire, rkhunter, etc. focus on system binaries by
default (some - I forget which - even go so far as to add a signature
to the ELF header). If they're focused on binaries, they may not be so
capable when handling executables for the web (by which I mean *.php
and friends).
Differences that spring to mind for web-based executables are: the
large number of cross-referenced include files; ability to exclude
cache directories (e.g. apps which generate cache-xxx.php files in a
specific directory); different maintenance requirements of accepting
(or not!) the fact that a customer has just uploaded 112 .inc and .php
files when they downloaded phpbb2.
So - my target here is easier management of a server where another
admin is installing sites and modules of a popular CMS (and I'd like
to be notified of what's being added), and notification if an intruder
modifies any existing file as well.
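
An added example, not part of either message: a hash-based baseline for the use case described above, covering only *.php and *.inc files, skipping cache directories, and reporting added, modified and removed files. It compares content hashes rather than mtime, so a file whose timestamp has been set back still shows up; sha256sum stands in for the md5 mentioned in the thread, and the script name, function names and the "cache" directory name are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. The script name, function names, the
# init/check modes and the "cache" directory name are assumptions.
# Needs GNU find, sort, xargs and sha256sum.

# snapshot DIR: print "<sha256>  <path>" for each *.php / *.inc file under DIR,
# skipping every directory named "cache".
snapshot() {
    ( cd "$1" || exit 1
      find . -type d -name cache -prune -o \
          -type f \( -name '*.php' -o -name '*.inc' \) -print0 |
          sort -z | xargs -0 -r sha256sum )
}

# compare_snapshots OLD NEW: list paths that were added, modified or removed.
compare_snapshots() {
    awk '
        # A sha256sum line is 64 hex digits, 2 separator chars, then the path.
        { hash = substr($0, 1, 64); path = substr($0, 67) }
        FILENAME == ARGV[1] { old[path] = hash; next }
        { seen[path] = 1
          if (!(path in old))         print "ADDED    " path
          else if (old[path] != hash) print "MODIFIED " path }
        END { for (p in old) if (!(p in seen)) print "REMOVED  " p }
    ' "$1" "$2" | sort
}

# check DIR BASELINE: print the differences; return 1 if there are any.
check() {
    current=$(mktemp) || return 2
    snapshot "$1" > "$current"
    report=$(compare_snapshots "$2" "$current")
    rm -f "$current"
    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}

# Usage: webwatch.sh init DIR BASELINE   (after reviewing a known-good tree)
#        webwatch.sh check DIR BASELINE  (from cron; output is the report)
case "${1:-}" in
    init)  snapshot "$2" > "$3" ;;
    check) check "$2" "$3" ;;
esac
```

Keep the baseline file outside the watched tree and unwritable by the web server account, and re-run init only after reviewing a reported change such as a new CMS module.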
NZ PHP Users Group: http://groups.google.com/group/nzphpug