James,

I thought of tripwire, but I was hoping for a solution that I didn't have to
install, configure, and test on every new machine I come across where I
might want to do this. The idea is to have an easy way to answer the
question, "What did this new rpm, or other kind of software installation,
actually do to my system?" RPM package management is not the complete answer
because too many programs get installed from source tarballs. Too many
scripts get run that do things the rpm does not tell you (or even itself!)
about. Installing something like tripwire to accomplish this seems like a
lot of work for what ought to be a command line utility. Also, correct me if
I am wrong, but isn't tripwire intended to watch a pre-defined set of
"important" files, and doesn't it basically just compare md5 checksums and
alert you to changes? That sounds different than what I want, which is
basically a command that will output something like this:

        Previous snapshot: 06-14-03 14:21:16
        Files added:
                /usr/bin/perl   658 06-15-2003 root:root 770
                /var/spool/.zippy       792 06-15-2003 root:root 700
        Files removed:
                /tmp/qd666r2    432 02-21-2001 bin:bin 755
        Files changed:
                /usr/bin/chmod 
                        (old size: 710, new size: 774)
                        (old perms: 655, new perms: 777)

Your suggestion about building my own script was the first thing that occurred
to me. I started part way down that road, but then decided that I might be
reinventing the wheel.

--Eric



> -----Original Message-----
> From: James Washer [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, July 16, 2003 1:10 PM
> To: [EMAIL PROTECTED]
> Subject: Re: [RLUG] Best Way to Detect All Changes After Software
> Install or Removal?
> 
> 
> tripwire!
> 
> Seriously... Linux/unix doesn't have any 'registry'.. 
> Everything is in files.. Any intrusion detection system will 
> report on file changes.. Or just write your own little 
> utility. Do an ftw (file tree walk) and stat each 
> file/directory. Save the data, and do it again.. then compare.
> 
>  - jim
> 
> On Wed, 16 Jul 2003 10:23:54 -0700
> "Eric Robinson" <[EMAIL PROTECTED]> wrote:
> 
> > Windows has a simple utility called sysdiff. You run it
> > before making changes to your system, and again afterwards to
> > see exactly what changed (files, directories, registry, etc).
> > What is the equivalent (or better) Linux command-line util?
> > 
> > --Eric
> > _______________________________________________
> > RLUG mailing list
> > [EMAIL PROTECTED]
> > http://www.rlug.org/mailman/listinfo/rlug
> > 
> 
> 
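The snapshot-and-compare approach discussed in this thread (walk the tree, stat each entry, save the data, walk again, compare), written out as an added example that is not code from either poster. The script name snap.py, the JSON snapshot format and the SHA-256 content hash are assumptions of this example; the hash is there so a rewrite that keeps the same size still shows up as a change.

```python
import hashlib, json, os, stat, sys

def file_hash(path):
    """SHA-256 of a regular file, so same-size rewrites are still detected."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def snapshot(root):
    """Walk root (symlinks not followed) and record lstat metadata per path."""
    snap = {}
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
                entry = {"size": st.st_size, "owner": f"{st.st_uid}:{st.st_gid}",
                         "perms": format(stat.S_IMODE(st.st_mode), "o")}
                if stat.S_ISREG(st.st_mode):
                    entry["sha256"] = file_hash(path)
            except OSError:
                continue  # vanished or unreadable; run as root to cover everything
            snap[path] = entry
    return snap

def diff(old, new):
    """Return (added, removed, changed); changed maps path -> {field: (old, new)}."""
    added = sorted(new.keys() - old.keys())
    removed = sorted(old.keys() - new.keys())
    changed = {}
    for path in sorted(old.keys() & new.keys()):
        delta = {k: (old[path].get(k), new[path].get(k))
                 for k in old[path].keys() | new[path].keys()
                 if old[path].get(k) != new[path].get(k)}
        if delta:
            changed[path] = delta
    return added, removed, changed

if __name__ == "__main__":  # usage: snap.py save|diff ROOT SNAPSHOT.json
    mode, root, snapfile = sys.argv[1:4]
    if mode == "save":
        with open(snapfile, "w") as f:
            json.dump(snapshot(root), f)
    else:
        with open(snapfile) as f:
            added, removed, changed = diff(json.load(f), snapshot(root))
        print(json.dumps({"added": added, "removed": removed, "changed": changed}, indent=2))
```

Keep the saved snapshot somewhere the installer being examined cannot write to, otherwise the baseline itself cannot be trusted.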