looking for file system changes on a shared hosting account?

[David Schwartz]

I’ll give this a try, thanks!

Does fam do anything different?

-David Schwartz



> On May 11, 2021, at 5:34 PM, Matt Graham via PLUG-discuss <plug-discuss at lists.phxlinux.org> wrote:
> 
> On 2021-05-11 15:08, David Schwartz via PLUG-discuss wrote:
>> I notified my hosting provider and of course, they said they ran
>> a scan and found nothing.
> 
> This is pretty typical for "security" people IME.  Everything beyond the absolute minimum is more than their job's worth.
> 
>> What I’d like to do is install a script or program that can scan
>> through my file tree from …/public_html/ down and look for changes in
>> the file system since the last scan, which is what tripwire does.
> 
> You may be looking for fam, the File Alteration Monitor.
> 
>> All it would do is something like an ‘ls -ltra ~/public_html’ with a
>> CRC or hash of the file added to the lines. (Is there a flag in ls
>> that does that?) The output would be saved to a file.
> 
> #!/bin/bash
> if [ -e latestscan.txt ] ; then
>  mv -f latestscan.txt oldscan.txt
> fi
> find /path/to/stuff -type f -exec md5sum {} \; | sort > latestscan.txt
> if [ -e latestscan.txt ] ; then
>  diff latestscan.txt oldscan.txt > diffs.txt
>  mail -s 'latest diff' somebody at example.org < diffs.txt
> fi
> # end script, execute every day via cron?
> 
>> As an aside, I know that Windows has a way of setting up a callback
>> where you can get an event trigger somewhere whenever something in a
>> designated part of the file system has changed. Is this possible in
>> Linux?
> 
> Yes, that functionality is usually provided by fam.  I think it may have fallen out of favor or something as there has not been much activity on it recently.
> 
> -- 
> Crow202 Blog: http://crow202.org/wordpress
> There is no Darkness in Eternity
> But only Light too dim for us to see.
> ---------------------------------------------------
>