Hi,
This is very handy!
But can you explain a little bit more. What does the "-1" mean? Let's say if I run that command now, does it give me the list of files that have been modified since ... when?

Sid

On Thu, Jun 11, 2009 at 9:21 AM, Craig Anderson<[email protected]> wrote:
> Hi.
> This will produce a list of changed files and it's not possible to put the
> ctime back if you modify a file, it also ignores directories:
> find /some/dir -ctime -1 \! -type d -print
> -Craig
> On 11/06/2009, at 9:07 AM, Wazzä wrote:
>
> One danger with this approach is if the intruder also modifies the
> timestamp(s) on the files at the same time.
>
> Cheers,
> Warren.
>
> 2009/6/10 Matias Gertel <[email protected]>
>>
>> What if you add a daily cron with a command like this:
>> find /some/dir -mtime -1 -exec somescript.sh '{}' \;
>> Where /some/dir is the dir you want to watch, and somescript.sh is a
>> script that will email you when the file has changed. See "man find" for
>> more options. You can set it to ignore files based on wildcards.
>> Matias Gertel
>> Freelance Web Development & Coding
>> e: [email protected]
>> m: +64 21 288 8840
>> p: +64 9 838 3367
>> On 10/06/2009, at 12:10 PM, chris burgess wrote:
>>
>> Yes, tools like diff and md5 would work and I expect will form the
>> components of any solution. I figured that one of the popular IDS
>> mechanisms might be well tuned for this use case, and that there'd be
>> some folks on list using some similar solution (hand-rolled or of an
>> existing project).
>>
>> Things like tripwire, rkhunter, etc focus on system binaries by
>> default (some - I forget which - even go so far as to add a signature
>> to the ELF header). If they're focused on binaries, they may not be so
>> capable when handling executables for the web (by which I mean *.php
>> and friends).
>>
>> Differences that spring to mind for web-based executables are: the
>> large number of cross-referenced include files; ability to exclude
>> cache directories (eg apps which generate cache-xxx.php files in a
>> specific directory); different maintenance requirements of accepting
>> (or not!) the fact that a customer has just uploaded 112 .inc and .php
>> files when they downloaded phpbb2.
>>
>> So - my target here is easier management of a server where another
>> admin is installing sites and modules of a popular CMS (and I'd like
>> to be notified of what's being added), and notification if an intruder
>> modifies any existing file as well.

--
Blue Horn Ltd - System Development
http://bluehorn.co.nz

NZ PHP Users Group: http://groups.google.com/group/nzphpug
To post, send email to [email protected]
To unsubscribe, send email to [email protected]
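
Added example (not part of the thread and not any poster's code): a content-hash manifest check for a web root, covering the cases raised above: a file whose mtime has been set back, newly added files, and an excluded cache directory. The function names, the ./cache pattern and the sample tree are constructed for illustration; it assumes GNU find/touch, sha256sum and awk.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes GNU find/touch, sha256sum, awk,
# and file names without newlines or backslashes.

# snapshot DIR [PRUNE]: print "hash  ./path" for each regular file under DIR,
# skipping any directory whose path matches the find(1) pattern PRUNE.
snapshot() {
    ( cd "$1" && find . -path "${2:-./.no-prune}" -prune -o \
          -type f -exec sha256sum {} + | sort -k2 )
}

# compare OLD NEW: report files ADDED, MODIFIED or REMOVED between manifests.
compare() {
    awk '{ hash = substr($0, 1, 64); path = substr($0, 67) }  # "<hash>  <path>"
         FILENAME == ARGV[1] { old[path] = hash; next }
         { seen[path] = 1 }
         !(path in old)    { print "ADDED " path; next }
         old[path] != hash { print "MODIFIED " path }
         END { for (p in old) if (!(p in seen)) print "REMOVED " p }' "$1" "$2" | sort
}

# demo: constructed web root; prints the find -mtime hits, then the hash report.
demo() {
    t=$(mktemp -d) && mkdir -p "$t/site/cache" || return 1
    echo '<?php echo "home";' > "$t/site/index.php"
    echo '<?php // helpers'   > "$t/site/lib.inc"
    echo '<?php // generated' > "$t/site/cache/cache-1.php"
    snapshot "$t/site" './cache' > "$t/old.sha256"

    echo '<?php echo "changed";' > "$t/site/index.php"
    touch -d '3 days ago' "$t/site/index.php"   # mtime set back (Warren's caveat)
    echo '<?php // new module' > "$t/site/module.php"
    rm "$t/site/lib.inc"
    echo '<?php // regenerated' > "$t/site/cache/cache-1.php"   # ignored: pruned

    snapshot "$t/site" './cache' > "$t/new.sha256"
    # -mtime -1 = data modified less than 24 hours ago; the backdated file is missed
    ( cd "$t/site" &&
      find . -path ./cache -prune -o -mtime -1 -type f -print | sed 's/^/MTIME /' )
    compare "$t/old.sha256" "$t/new.sha256"
    rm -rf "$t"
}

demo
```

In the demo output the mtime scan lists only ./module.php, while the manifest comparison also reports ./index.php as modified and ./lib.inc as removed.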
