[wplug] System file permission, owner and group auditing utility

Poyner, Brandon bpoyner at ccac.edu
Mon Apr 11 11:06:35 EDT 2005


You can run a 'rpm -Va' to verify all rpm packages.  It's far from a complete audit but it's one utility you can use.  It returns information on files that differ from the RPM installed versions.  If somebody has modified the RPM database or installed their own RPM on top of your RPM, this won't be of much use.
 
       S file Size differs
       M Mode differs (includes permissions and file type)
       5 MD5 sum differs
       D Device major/minor number mismatch
       L readLink(2) path mismatch
       U User ownership differs
       G Group ownership differs
       T mTime differs

	-----Original Message----- 
	From: wplug-bounces+bpoyner=ccac.edu at wplug.org on behalf of Vanco, Don 
	Sent: Mon 4/11/2005 8:49 AM 
	To: General user list 
	Cc: 
	Subject: RE: [wplug] System file permission, owner and group auditing utility
	
	

	Sometime in April rreavis at fedex.com assaulted the keyboard and produced:
	| Hello,
	|
	| Does anyone know of a Linux utility for auditing the permissions, owner
	| and group of system files and automatically setting (resetting) these
	| attributes to recommended defaults?
	
	        If it's an RPM based distro I believe that RPM can do it.  I
	don't recall the "key" - a man / info of RPM should tell you, but IIRC
	you can simply run an "rpm -qa | sort > foo" and look at the fields in
	the file foo - you'll get a flag on things that are no longer "as
	defaulted" by the RPM package in question.  I _think_ this descended
	into perms, but again have not used it in years, so check the man page.
	        TripWire is a good tool - but unfortunately I believe that you
	have to build an "index" prior to it being able to provide useful
	watchdogging - so "after the fact" I don't think it can do anything for
	you...  Red Hat used to come with the "free" version of it, but that
	ended some time ago.  Not sure what features are in SELinux, but that
	might be an option too...
	
	Don
	
	_______________________________________________
	wplug mailing list
	wplug at wplug.org
	http://www.wplug.org/mailman/listinfo/wplug
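
The flag list in the reply above maps directly onto the original question: of the verify flags, M, U and G are the ones that report permission, owner and group drift. The following is an added example, not part of the original posts. The function names perm_drift and sample_verify_output are hypothetical, the sample lines are constructed, and the filter accepts the 8-character flag string listed above as well as the 9-character string newer rpm versions print (with a trailing P for capabilities).

```shell
#!/bin/sh
# Added example: reduce `rpm -Va` output to permission/ownership drift only.
# Reads verify lines on stdin; prints "<flags> <path>" for each file whose
# Mode (M), User (U) or Group (G) differs from what the RPM database records.
perm_drift() {
    awk '
        # A verify line starts with an 8- or 9-character attribute string made
        # of flag letters, "." (test passed) or "?" (test could not be run).
        # Anything else ("missing ...", dependency messages) is skipped.
        $1 ~ /^[SM5DLUGTP.?]+$/ && (length($1) == 8 || length($1) == 9) {
            flags = ""
            if (index($1, "M")) flags = flags "M"
            if (index($1, "U")) flags = flags "U"
            if (index($1, "G")) flags = flags "G"
            if (flags == "") next
            # Field 2 may be a one-letter file marker (c = config, d = doc,
            # g = ghost, l = license, r = readme); the path follows it.
            path_field = ($2 ~ /^[cdglr]$/) ? 3 : 2
            path = $path_field
            for (i = path_field + 1; i <= NF; i++) path = path " " $i
            print flags, path
        }
    '
}

# Constructed sample of verify output (not captured from a real system).
sample_verify_output() {
    cat <<'EOF'
S.5....T c /etc/ssh/sshd_config
.M......   /usr/bin/passwd
.....UG.   /var/log/wtmp
SM5....T c /etc/sudoers
missing    /usr/share/doc/foo/README
.......T   /usr/lib/libexample.so.1
EOF
}

# Demo on the constructed sample. Live use: rpm -Va | perm_drift
sample_verify_output | perm_drift
```

For the resetting half of the question, rpm has --setperms and --setugids, which set a package's files back to the mode and ownership recorded in the RPM database. Both the filter and those options are only as trustworthy as that database, which is the caveat raised in the reply above.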
	
