[wplug] System file permission, owner and group auditing utility

Vanco, Don don.vanco at agilysys.com
Mon Apr 11 11:15:30 EDT 2005


Ooops - yeah, -Va, not -qa.

Doh!
Don

Poyner, Brandon <> scribbled on Monday, April 11, 2005 11:07 AM:

> You can run a 'rpm -Va' to verify all rpm packages.  It's far from a
> complete audit but it's one utility you can use.  It returns
> information on files that differ from the RPM installed versions.  If
> somebody has modified the RPM database or installed their own RPM on
> top of your RPM this won't be of much use.    
> 
>        S file Size differs
>        M Mode differs (includes permissions and file type)
>        5 MD5 sum differs
>        D Device major/minor number mismatch
>        L readLink(2) path mismatch
>        U User ownership differs
>        G Group ownership differs
>        T mTime differs
> -----Original Message-----
> From: wplug-bounces+bpoyner=ccac.edu at wplug.org on behalf of Vanco, Don
> Sent: Mon 4/11/2005 8:49 AM
> To: General user list
> Cc:
> Subject: RE: [wplug] System file permission, owner and group auditing utility
> 
> 
> Sometime in April rreavis at fedex.com assaulted the keyboard and
> produced: 
>> Hello,
>> 
>> Does anyone know of a Linux utility for auditing the permissions,
>> owner and group of system files and automatically setting
>> (resetting) these attributes to recommended defaults?
> 
> If it's an RPM based distro I believe that RPM can do it.  I don't
> recall the "key" - a man / info of RPM should tell you, but IIRC you
> can simply run an "rpm -qa | sort > foo" and look at the fields in the
> file foo - you'll get a flag on things that are no longer "as
> defaulted" by the RPM package in question.  I _think_ this descended
> into perms, but again have not used it in years, so check the man
> page. TripWire is a good tool - but unfortunately I believe that you
> have to build an "index" prior to it being able to provide useful
> watchdogging - so "after the fact" I don't think it can do anything for
> you...  Red Hat used to come with the "free" version of it, but that
> ended some time ago.  Not sure what features are in SELinux, but that
> might be an option too...
> 
> Don
> 
> _______________________________________________
> wplug mailing list
> wplug at wplug.org
> http://www.wplug.org/mailman/listinfo/wplug
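
Added example, not part of the thread: a filter over `rpm -Va` output that keeps only mode, owner and group differences, the attributes the original question asks about. The sample lines are constructed in the flag format quoted above, and `perm_drift` and `sample_rpm_va` are names chosen here.

```shell
#!/bin/sh
# Added example (not from the thread). Reads `rpm -Va`-style lines on stdin
# and prints only files whose mode, owner or group differ from the package.
# Output: "<what changed><TAB><path>"
perm_drift() {
    awk '
    $1 == "missing" { next }              # file absent: nothing to compare
    {
        # Match on the flag letters, not on column position, so the
        # filter does not depend on how many flag columns rpm prints.
        flags = $1
        what = ""
        if (index(flags, "M")) what = what "mode,"
        if (index(flags, "U")) what = what "owner,"
        if (index(flags, "G")) what = what "group,"
        if (what == "") next              # only size/MD5/mtime etc. changed
        sub(/,$/, "", what)
        path = substr($0, index($0, "/")) # path starts at the first "/"
        printf "%s\t%s\n", what, path
    }'
}

# Constructed sample in the flag format quoted above (not real output).
# The "c" marks a file the package declares as a config file.
sample_rpm_va() {
    cat <<'EOF'
S.5....T c /etc/ssh/sshd_config
.M......   /usr/bin/passwd
.....UG.   /var/log/wtmp
SM5...GT c /etc/sudoers
missing    /usr/share/doc/foo/README
EOF
}

# On an RPM-based system the live form would be: rpm -Va | perm_drift
sample_rpm_va | perm_drift
```

As the quoted reply notes, the result is only as trustworthy as the RPM database it is compared against.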
