On 2021-05-11 15:08, David Schwartz via PLUG-discuss wrote:
I notified my hosting provider and of course, they said they ran
a scan and found nothing.
This is pretty typical for "security" people IME. Everything beyond
the absolute minimum is more than their job's worth.
What I’d like to do is install a script or program that can scan
through my file tree from …/public_html/ down and look for changes in
the file system since the last scan, which is what tripwire does.
You may be looking for fam, the File Alteration Monitor.
All it would do is something like an ‘ls -ltra ~/public_html’ with a
CRC or hash of the file added to the lines. (Is there a flag in ls
that does that?) The output would be saved to a file.
#!/bin/bash
if [ -e latestscan.txt ] ; then
mv -f latestscan.txt oldscan.txt
fi
find /path/to/stuff -type f -exec md5sum {} \; | sort > latestscan.txt
if [ -e latestscan.txt ] ; then
diff latestscan.txt oldscan.txt > diffs.txt
mail -s 'latest diff' [email protected] < diffs.txt
fi
# end script, execute every day via cron?
As an aside, I know that Windows has a way of setting up a callback
where you can get an event trigger somewhere whenever something in a
designated part of the file system has changed. Is this possible in
Linux?
Yes, that functionality is usually provided by fam. I think it may
have fallen out of favor or something as there has not been much
activity on it recently.
--
Crow202 Blog: http://crow202.org/wordpress
There is no Darkness in Eternity
But only Light too dim for us to see.
---------------------------------------------------
PLUG-discuss mailing list - [email protected]
To subscribe, unsubscribe, or to change your mail settings:
https://lists.phxlinux.org/mailman/listinfo/plug-discuss
