Linux / UNIX: Find out if your configuration files / security settings changed or not

How do you find out that somebody has accessed your system and changed your configuration or security settings? How do you verify file content? There is no simple answer to these questions. Personally, I use specialized tool such as tripwire and combination of perl / shell script, UNIX command line utilities.

ADVERTISEMENTS

Examine methods of storing and later checking the validity of your configuration files is one of the key task. This article provides some guideline. You will develop a script that you can use to generate information that checks the validity of a file or directory full of files. The recorded information includes the file path, a checksum of the file so that you can compare the file contents, and unique information about the file (inode, permissions, ownership information) so that you can identify differences should they occur:

The typical UNIX administrator has a key range of utilities, tricks, and systems he or she uses regularly to aid in the process of administration. There are key utilities, command-line chains, and scripts that are used to simplify different processes. Some of these tools come with the operating system, but a majority of the tricks come through years of experience and a desire to ease the system administrator’s life. The focus of this series is on getting the most from the available tools across a range of different UNIX environments, including methods of simplifying administration in a heterogeneous environment.

=> Systems Administration Toolkit: Testing system validity

🐧 Get the latest tutorials on SysAdmin, Linux/Unix, Open Source & DevOps topics via:
CategoryList of Unix and Linux commands
File Managementcat
FirewallCentOS 8 OpenSUSE RHEL 8 Ubuntu 16.04 Ubuntu 18.04 Ubuntu 20.04
Network Utilitiesdig host ip nmap
OpenVPNCentOS 7 CentOS 8 Debian 10 Debian 8/9 Ubuntu 18.04 Ubuntu 20.04
Package Managerapk apt
Processes Managementbg chroot cron disown fg jobs killall kill pidof pstree pwdx time
Searchinggrep whereis which
User Informationgroups id lastcomm last lid/libuser-lid logname members users whoami who w
WireGuard VPNCentOS 8 Debian 10 Firewall Ubuntu 20.04

ADVERTISEMENTS
3 comments… add one
  • Sean Sep 17, 2007 @ 1:55

    If you use cfengine put the files or directories under the “files” section, and/or sync the files through “copy”. Not only will it alert you within the hour if things change, but you can have it fix it for you.

    Sean

  • JustCurious Sep 17, 2007 @ 16:35

    Are you guys talking about the free version of tripwire or the paid one?

  • Leena Sep 22, 2011 @ 12:13

    Its actually for what i was searching

Leave a Reply

Your email address will not be published. Required fields are marked *

Use HTML <pre>...</pre>, <code>...</code> and <kbd>...</kbd> for code samples.