[wplug] System file permission, owner and group auditing utility
Vanco, Don
don.vanco at agilysys.com
Mon Apr 11 11:15:30 EDT 2005
Ooops - yeah, -Va, not -qa.
Doh!
Don
Poyner, Brandon <> scribbled on Monday, April 11, 2005 11:07 AM:
> You can run a 'rpm -Va' to verify all rpm packages. It's far from a
> complete audit but it's one utility you can use. It returns
> information on files that differ from the RPM installed versions. If
> somebody has modified the RPM database or installed their own RPM on
> top of your RPM this won't be of much use.
>
> S file Size differs
> M Mode differs (includes permissions and file type)
> 5 MD5 sum differs
> D Device major/minor number mismatch
> L readLink(2) path mismatch
> U User ownership differs
> G Group ownership differs
> T mTime differs
> -----Original Message-----
> From: wplug-bounces+bpoyner=ccac.edu at wplug.org on behalf of Vanco, Don
> Sent: Mon 4/11/2005 8:49 AM
> To: General user list
> Cc:
> Subject: RE: [wplug] System file permission, owner and group auditing
> utility
>
>
> Sometime in April rreavis at fedex.com assaulted the keyboard and
> produced:
>> Hello,
>>
>> Does anyone know of a linux utility for auditing the permissions,
>> owner and group of system files and automatically setting
>> (resetting) these attributes to recommended defaults.
>
> If it's an RPM based distro I believe that RPM can do it. I
> don't recall the "key" - a man / info of RPM should tell you, but IIRC
> you can simply run an "rpm -qa | sort > foo" and look at the fields in
> the file foo - you'll get a flag on things that are no longer "as
> defaulted" by the RPM package in question. I _think_ this descended
> into perms, but again have not used it in years, so check the man
> page. TripWire is a good tool - but unfortunately I believe that you
> have to build an "index" prior to it being able to provide useful
> watchdogging - so "after the fact" I don't think it can do anything for
> you... Red Hat used to come with the "free" version of it, but that
> ended some time ago. Not sure what features are in SELinux, but that
> might be an option too...
>
> Don
>
> _______________________________________________
> wplug mailing list
> wplug at wplug.org
> http://www.wplug.org/mailman/listinfo/wplug
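
Added example, not part of the original thread: a shell filter for the `rpm -Va` output described in the quoted reply, keeping only files whose mode (M), user (U) or group (G) flag is set, plus files reported as missing. The sample verify lines are constructed, and the ninth flag column (P) the parser accepts is what newer rpm releases print, which the 8-flag list above predates.

```shell
#!/bin/sh
# Report files whose mode (M), user (U) or group (G) differs from the
# RPM database, given `rpm -Va` output on stdin.
# Prints "<changed-attributes> <path>" for each such file.
perm_drift() {
    awk '
    {
        path = $0
        sub(/^[^ ]+ +/, "", path)    # drop the flag field
        sub(/^[a-z] +/, "", path)    # drop optional file-type marker (c, d, ...)
    }
    # Files absent from disk carry the word "missing" instead of flags.
    $1 == "missing" { print "missing " path; next }
    # Accept only a real flag field: 8 columns as listed in the thread,
    # or 9 on newer rpm releases (extra P column). Other messages are skipped.
    length($1) < 8 || length($1) > 9 || $1 !~ /^[SM5DLUGTP.?]+$/ { next }
    {
        what = ""
        if (index($1, "M")) what = what "mode,"
        if (index($1, "U")) what = what "owner,"
        if (index($1, "G")) what = what "group,"
        if (what == "") next         # only size, digest or mtime changed
        sub(/,$/, "", what)
        print what " " path
    }'
}

# Constructed sample of verify output (not taken from a real system).
sample_output() {
    cat <<'EOF'
S.5....T c /etc/ssh/sshd_config
.M...... /usr/bin/passwd
.....UG. /var/log/example
.M...UG.. c /etc/example.conf
missing   /usr/share/doc/example/README
Unsatisfied dependencies for example-1.0-1: libexample
EOF
}

# On a live RPM-based host: rpm -Va | perm_drift
if [ "${1:-}" = "--demo" ]; then sample_output | perm_drift; fi
```

As the quoted reply notes, this only compares against the RPM database, so it is no help if that database itself has been modified.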