Hey Everyone,
Is there a way to monitor changes made to the LDAP database, i.e. new users or
new groups added?
I could use OSSEC to monitor the LDAP database files located in
/var/lib/ldap, but as they are one big monolith, any change to the db file
would trigger an alert (e.g. a user changing their password).
Previously we had a program called "osiris" which was great at figuring
out when new users/groups were added to LDAP (but was bad at everything
else).
I wonder if there is a way to do this with OSSEC? I am also thinking of running
a command like "getent passwd > /etc/password.ldap" and "getent group >
/etc/group.ldap" and using OSSEC to
check for changes in those files. This might work.
I wonder if anybody else has done this.
Igor W
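
The getent snapshot idea from the post above, as an added example that is not part of the original message: it compares snapshots by entry name only, so it prints one line per added or removed user or group and stays silent when other fields of an existing entry change. The state directory, the function names and the `--run` switch are assumptions; the output lines can be appended to a log file that OSSEC reads.

```shell
#!/bin/sh
# Added example: report account/group additions and removals between getent
# snapshots. STATE_DIR and the function names are assumptions.
STATE_DIR=${STATE_DIR:-/var/lib/ldap-watch}

# Compare two getent-style files by entry name (field 1) only, so edits to
# other fields of an existing entry (shell, GECOS, group members) are ignored.
snapshot_changes() {
    awk -F: '
        FILENAME == ARGV[1] { old[$1] = 1; next }
        { new[$1] = 1 }
        END {
            for (k in new) if (!(k in old)) print "added " k
            for (k in old) if (!(k in new)) print "removed " k
        }' "$1" "$2" | sort
}

# Snapshot one NSS database (passwd or group), print the changes against the
# stored baseline, then make the new snapshot the baseline.
check_db() {
    db=$1
    base="$STATE_DIR/$db.baseline"
    tmp=$(mktemp "$STATE_DIR/$db.XXXXXX") || return 1
    # A failed or empty lookup must not replace the baseline, otherwise a
    # directory outage would show up as every entry being removed.
    if ! getent "$db" > "$tmp" || [ ! -s "$tmp" ]; then
        rm -f "$tmp"
        echo "error $db snapshot failed" >&2
        return 1
    fi
    if [ -f "$base" ]; then
        snapshot_changes "$base" "$tmp" | sed "s/^/$db /"
    fi
    mv "$tmp" "$base"      # first run only records the baseline
}

# Only act when asked to, e.g. from cron: script --run >> some-log-file
if [ "${1:-}" = "--run" ]; then
    check_db passwd
    check_db group
fi
```
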