[wplug] System file permission, owner and group auditing utility
Vanco, Don
don.vanco at agilysys.com
Mon Apr 11 08:49:34 EDT 2005
Sometime in April rreavis at fedex.com assaulted the keyboard and produced:
| Hello,
|
| Does anyone know of a linux utility for auditing the permission's,
owner
| and group of system files and automatically setting (resetting) these
| attributes to recommended defaults.
If it's an RPM based distro I believe that RPM can do it. I
don't recall the "key" - a man / info of RPM should tell you, but IIRC
you can simply run an "rpm -qa | sort > foo" and look at the fields in
the file foo - you'll get a flag on things that are no longer "as
defaulted" by the RPM package in question. I _think_ this descended
into perms, but again have not used it in years, so check the man page.
TripWire is a good tool - but unfortunately I believe that you
have to build an "index" prior to it being able to provide useful
watchdoging - so "after the fact" I don't think it can do anything for
you... Red Hat used to come with the "free" version of it, but that
ended some time ago. Not sure what features are in SELinux, but that
might be an option too...
Don
More information about the wplug
mailing list