If you have a very static Linux server and you want to make sure it's not messed with, here's a simple script that will tell you if any files have been tampered with. It's not as fancy or as secure as tripwire or those others, but it is very simple. It can be easily adapted to any *NIX OS.
Last edited by otheus; 04-15-2009 at 06:11 AM..
Reason: added umask setting per follow-up posts
I worked on root kit hunter at sourceforge.net for a while. There are similar capabilities in the scripts in that app as well.
You may be missing something essential - as an example:
root kits may change a lot of utilities in /usr/bin to avoid detection. md5sum is one of them. It "knows" how to report the old value for a given system file, even though the file is now completely different. The same is true for ls, find and so on. If you ldd those files and ldd is not corrupt you may see odd libraries linked into them.
I would:
create a separate hidden tree of ls, find, md5sum, etc. that your script points to with it's own version of PATH. Populate the directory with known good versions of the files. If you're even a little more paranoid, consider rebuilding & linking those files statically which eliminates shared library masquerading.
It all depends on your level of exposure - if you're inside a good firewall, my suggestions may be overkill.
Hello all!
This is my first post and I'm very new to programming. I would like help creating a simple perl or bash script that I will be using in my work as a junior bioinformatician.
Essentially, I would like to take a tab-delimted or .csv text with 3 columns and write them to a "3D" matrix:
... (16 Replies)
Hey, for the purpose of a research project I need to know if a specific type of parallel processing is being utilized by any user-run programs. Is there a way to detect whether a program either returns a value to another program at the end of execution, or just utilizes any form of parallel... (4 Replies)
Hello all
I have a script but I failed on the creation of
Script is any is carried out in the shell sends the owner of the server, the message is has been implemented
For example, functioned as a detection system intruders but in smaller
Is it possible to help if you allow
I want the... (4 Replies)
I am currently running 4 scripts to complete a job for me. Each script requires the finished file of the one before it. For example the first script gets the finished file called model.x, then i would like script2 to start in and use model.x as the input and get model_min.x as the finished... (5 Replies)
Heloo every one
I want to write a script that detects a key press and mouse click and movement,but I dont know how.
The second one is I want to run myscript without writing the shell ie not "sh script.sh" but "script.sh"
Can you help me out of here?
Thanks in advance. (9 Replies)