On 2021-05-11 15:08, David Schwartz via PLUG-discuss wrote:
> I notified my hosting provider and of course, they said they ran
> a scan and found nothing.
This is pretty typical for "security" people IME. Everything beyond
the absolute minimum is more than their job's worth.
> What I’d like to do is install a script or program that can scan
> through my file tree from …/public_html/ down and look for changes in
> the file system since the last scan, which is what tripwire does.
You may be looking for fam, the File Alteration Monitor.
> All it would do is something like an ‘ls -ltra ~/public_html’ with a
> CRC or hash of the file added to the lines. (Is there a flag in ls
> that does that?) The output would be saved to a file.
#!/bin/bash
if [ -e latestscan.txt ] ; then
mv -f latestscan.txt oldscan.txt
fi
find /path/to/stuff -type f -exec md5sum {} \; | sort > latestscan.txt
if [ -e latestscan.txt ] ; then
diff latestscan.txt oldscan.txt > diffs.txt
mail -s 'latest diff'
somebody@example.org < diffs.txt
fi
# end script, execute every day via cron?
> As an aside, I know that Windows has a way of setting up a callback
> where you can get an event trigger somewhere whenever something in a
> designated part of the file system has changed. Is this possible in
> Linux?
Yes, that functionality is usually provided by fam. I think it may
have fallen out of favor or something as there has not been much
activity on it recently.
--
Crow202 Blog:
http://crow202.org/wordpress
There is no Darkness in Eternity
But only Light too dim for us to see.
---------------------------------------------------
PLUG-discuss mailing list -
PLUG-discuss@lists.phxlinux.org
To subscribe, unsubscribe, or to change your mail settings:
https://lists.phxlinux.org/mailman/listinfo/plug-discuss
(text/plain)