On 2021-05-11 15:08, David Schwartz via PLUG-discuss wrote: > I notified my hosting provider and of course, they said they ran > a scan and found nothing. This is pretty typical for "security" people IME. Everything beyond the absolute minimum is more than their job's worth. > What I’d like to do is install a script or program that can scan > through my file tree from …/public_html/ down and look for changes in > the file system since the last scan, which is what tripwire does. You may be looking for fam, the File Alteration Monitor. > All it would do is something like an ‘ls -ltra ~/public_html’ with a > CRC or hash of the file added to the lines. (Is there a flag in ls > that does that?) The output would be saved to a file. #!/bin/bash if [ -e latestscan.txt ] ; then mv -f latestscan.txt oldscan.txt fi find /path/to/stuff -type f -exec md5sum {} \; | sort > latestscan.txt if [ -e latestscan.txt ] ; then diff latestscan.txt oldscan.txt > diffs.txt mail -s 'latest diff' somebody@example.org < diffs.txt fi # end script, execute every day via cron? > As an aside, I know that Windows has a way of setting up a callback > where you can get an event trigger somewhere whenever something in a > designated part of the file system has changed. Is this possible in > Linux? Yes, that functionality is usually provided by fam. I think it may have fallen out of favor or something as there has not been much activity on it recently. -- Crow202 Blog: http://crow202.org/wordpress There is no Darkness in Eternity But only Light too dim for us to see. --------------------------------------------------- PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: https://lists.phxlinux.org/mailman/listinfo/plug-discuss