File Auditing in Sun Solaris environment

Hi All,

I have a requirement to report to us on changes to a group of static files.
Those are the binary files that run in Production every day.

Due to the insecure environment situation, I found many are indulging in their own changes to the binaries by making some changes in the source code.

We have decided to have an audit system for all those files and report to a group (send email) on changes in the files we are looking for.

I searched a lot and got the below link:
Linux audit files to see who made changes to a file

But, this needs system admin to enter the picture.

Please let me know, is there a way/script to do the same.

The environment is Sun Solaris E20K.

Regards,
Mohan Kumar CS

Can you not prevent writing the binaries? chmod 711 the files, then change the owner of the file to root or some other similar userid.

Otherwise, how can you know absolutely that the binaries you have out there are the right ones? As soon as you create the file, another user, in 5 seconds, could overwrite it.

Assuming you can know, which I don't believe, use cksum to create a file:

cd /binary/directory
cksum * > ~/mycksum

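Next, put a simple script into your crontab that runs every few minutes:

#!/bin/ksh
# [[ ]] needs ksh; cron runs jobs with /bin/sh unless the script says otherwise
cd /binary/directory || exit 1
cksum * > ~/testcksum
# keep the diff outside the audited directory so it is not checksummed next run
diff ~/testcksum ~/mycksum > ~/badfiles
if [[ $? -eq 1 ]] ; then
   /usr/bin/uuencode ~/badfiles badfiles | /usr/bin/mailx -s 'binary file change' me@comp.com
fi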

You will get a continuing stream of emails until you revert the offending file(s).

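The baseline-and-compare check from the reply above, as an added example that is not part of the original thread: instead of mailing a raw diff, it names each file as CHANGED, ADDED or REMOVED against a `cksum` baseline such as `~/mycksum`. The function names, the `AWK` variable and the three-argument entry point are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are made up for
# illustration; the baseline format is plain `cksum` output ("crc size name").
AWK=${AWK:-awk}   # on Solaris set AWK=nawk (old /usr/bin/awk lacks sub())

# snapshot DIR: cksum every regular file in DIR (same scope as `cksum *`).
snapshot() {
    ( cd "$1" || exit 1
      for f in *; do
          if [ -f "$f" ]; then cksum "$f"; fi
      done )
}

# audit_dir DIR BASELINE: print "CHANGED|ADDED|REMOVED name" per difference.
# Returns 0 if DIR matches the baseline, 1 if it differs, 2 on setup errors.
audit_dir() {
    [ -r "$2" ] || return 2
    cur=$(mktemp) || return 2
    snapshot "$1" > "$cur" || { rm -f "$cur"; return 2; }
    report=$("$AWK" '
        { key = $1 " " $2; name = $0; sub(/^[^ ]+ [^ ]+ /, "", name) }
        FILENAME == ARGV[1] { base[name] = key; next }   # baseline pass
        {                                                # current pass
            seen[name] = 1
            if (!(name in base))          print "ADDED " name
            else if (base[name] != key)   print "CHANGED " name
        }
        END { for (n in base) if (!(n in seen)) print "REMOVED " n }
    ' "$2" "$cur" | sort)
    rm -f "$cur"
    if [ -z "$report" ]; then return 0; fi
    printf '%s\n' "$report"
    return 1
}

# Cron entry point: audit.sh DIR BASELINE MAILTO (only runs when given 3 args).
if [ $# -eq 3 ]; then
    body=$(audit_dir "$1" "$2"); rc=$?
    [ "$rc" -eq 0 ] ||
        printf '%s\n' "${body:-audit failed (rc=$rc)}" | mailx -s 'binary file change' "$3"
fi
```

`cksum` is a CRC, which catches rebuilt or edited binaries but is not a cryptographic hash, and the baseline is only trustworthy if the users being audited cannot write to it.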