FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Redhat > Red Hat Linux

 
 
LinkBack Thread Tools
 
Old 08-31-2012, 12:25 AM
Phil Savoie
 
Default Util that tracks past changes to et4 filesystem?

Hi All,

I am interested in finding out if there is a "history" of filesystem
changes that is tracked on a RH system. Basically, I want to find out
who or what did something to a file to change it in any way, shape or form.


Example I have filex. filex has a certain content now. Now+5 file has
been changed. Is there a util to detect this change, i.e., who or what
changed it?


Thanks in advance,

Phil

--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
 
Old 08-31-2012, 12:49 AM
Harry Hoffman
 
Default Util that tracks past changes to et4 filesystem?

Hi Phil,

You're looking for Tripwire or one of it's open source (aide, I think)
variants.

It will take a hash of the file to compare later, you can also do file
versioning.

Cheers,
Harry

On 08/30/2012 08:25 PM, Phil Savoie wrote:
> Hi All,
>
> I am interested in finding out if there is a "history" of filesystem
> changes that is tracked on a RH system. Basically, I want to find out
> who or what did something to a file to change it in any way, shape or form.
>
> Example I have filex. filex has a certain content now. Now+5 file has
> been changed. Is there a util to detect this change, i.e., who or what
> changed it?
>
> Thanks in advance,
>
> Phil
>

--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
 
Old 08-31-2012, 01:23 AM
Phil Savoie
 
Default Util that tracks past changes to et4 filesystem?

On 08/30/2012 08:49 PM, Harry Hoffman wrote:

Hi Phil,

You're looking for Tripwire or one of it's open source (aide, I think)
variants.

It will take a hash of the file to compare later, you can also do file
versioning.

Cheers,
Harry


Thanks Harry,

But will this tell me whoor what made the change?

Thanks,

Phil






On 08/30/2012 08:25 PM, Phil Savoie wrote:

Hi All,

I am interested in finding out if there is a "history" of filesystem
changes that is tracked on a RH system. Basically, I want to find out
who or what did something to a file to change it in any way, shape or form.

Example I have filex. filex has a certain content now. Now+5 file has
been changed. Is there a util to detect this change, i.e., who or what
changed it?

Thanks in advance,

Phil





--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
 
Old 08-31-2012, 01:39 AM
Harry Hoffman
 
Default Util that tracks past changes to et4 filesystem?

So, I know that the Enterprise version of Tripwire will tell you both
the who and the what.

If you're looking to do it on the cheap then there are a few options.

FUNC: https://fedorahosted.org/func/
and specifically func-inventory
https://fedorahosted.org/func/wiki/FuncInventory

This will allow you to track files via git (a versioning app) so you can
see what changed and when.

For the who, you'd want auditd

Cheers,
Harry

On 08/30/2012 09:23 PM, Phil Savoie wrote:
> On 08/30/2012 08:49 PM, Harry Hoffman wrote:
>> Hi Phil,
>>
>> You're looking for Tripwire or one of it's open source (aide, I think)
>> variants.
>>
>> It will take a hash of the file to compare later, you can also do file
>> versioning.
>>
>> Cheers,
>> Harry
>
> Thanks Harry,
>
> But will this tell me whoor what made the change?
>
> Thanks,
>
> Phil
>
>
>
>
>>
>> On 08/30/2012 08:25 PM, Phil Savoie wrote:
>>> Hi All,
>>>
>>> I am interested in finding out if there is a "history" of filesystem
>>> changes that is tracked on a RH system. Basically, I want to find out
>>> who or what did something to a file to change it in any way, shape or
>>> form.
>>>
>>> Example I have filex. filex has a certain content now. Now+5 file has
>>> been changed. Is there a util to detect this change, i.e., who or what
>>> changed it?
>>>
>>> Thanks in advance,
>>>
>>> Phil
>>>
>>
>

--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
 
Old 08-31-2012, 03:54 AM
"Mr. Paul M. Whitney"
 
Default Util that tracks past changes to et4 filesystem?

Tripwire used to be free. Whatever. Red Hat offers the free version called AIDE (Advanced Intrusion Detection Environment). The exact same product. Establish your databases of what "files" you want monitored, then compare from that base. It works like a champ and will email you after it runs as a cron "assuming you set it up that way" and will notify you of any system file changes.

It is great for someone who has a lot of time to monitor a few systems. If you are worried about changes on your production systems, you could implement something like puppet. It will ensure files/settings that you define stay the way they are supposed to. Personally, I hate puppet for my environment (development), but AIDE is tremendous.

Paul

On Aug 30, 2012, at 8:25 PM, Phil Savoie <psavoie1783@rogers.com> wrote:

> Hi All,
>
> I am interested in finding out if there is a "history" of filesystem changes that is tracked on a RH system. Basically, I want to find out who or what did something to a file to change it in any way, shape or form.
>
> Example I have filex. filex has a certain content now. Now+5 file has been changed. Is there a util to detect this change, i.e., who or what changed it?
>
> Thanks in advance,
>
> Phil
>
> --
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
> https://www.redhat.com/mailman/listinfo/redhat-list

--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
 
Old 08-31-2012, 07:41 PM
Phil Savoie
 
Default Util that tracks past changes to et4 filesystem?

On 08/30/2012 09:39 PM, Harry Hoffman wrote:

So, I know that the Enterprise version of Tripwire will tell you both
the who and the what.

If you're looking to do it on the cheap then there are a few options.

FUNC: https://fedorahosted.org/func/
and specifically func-inventory
https://fedorahosted.org/func/wiki/FuncInventory

This will allow you to track files via git (a versioning app) so you can
see what changed and when.

For the who, you'd want auditd

Cheers,
Harry


Thank you Harry!!

Phil





On 08/30/2012 09:23 PM, Phil Savoie wrote:

On 08/30/2012 08:49 PM, Harry Hoffman wrote:

Hi Phil,

You're looking for Tripwire or one of it's open source (aide, I think)
variants.

It will take a hash of the file to compare later, you can also do file
versioning.

Cheers,
Harry


Thanks Harry,

But will this tell me whoor what made the change?

Thanks,

Phil






On 08/30/2012 08:25 PM, Phil Savoie wrote:

Hi All,

I am interested in finding out if there is a "history" of filesystem
changes that is tracked on a RH system. Basically, I want to find out
who or what did something to a file to change it in any way, shape or
form.

Example I have filex. filex has a certain content now. Now+5 file has
been changed. Is there a util to detect this change, i.e., who or what
changed it?

Thanks in advance,

Phil









--
Carpe Aptenodytes! (Seize the Penguins!)

--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
 
Old 08-31-2012, 07:42 PM
Phil Savoie
 
Default Util that tracks past changes to et4 filesystem?

On 08/30/2012 11:54 PM, Mr. Paul M. Whitney wrote:

Tripwire used to be free. Whatever. Red Hat offers the free version called AIDE (Advanced Intrusion Detection Environment). The exact same product. Establish your databases of what "files" you want monitored, then compare from that base. It works like a champ and will email you after it runs as a cron "assuming you set it up that way" and will notify you of any system file changes.

It is great for someone who has a lot of time to monitor a few systems. If you are worried about changes on your production systems, you could implement something like puppet. It will ensure files/settings that you define stay the way they are supposed to. Personally, I hate puppet for my environment (development), but AIDE is tremendous.

Paul



Thank you Paul, appreciate it!!

Phil




On Aug 30, 2012, at 8:25 PM, Phil Savoie<psavoie1783@rogers.com> wrote:


Hi All,

I am interested in finding out if there is a "history" of filesystem changes that is tracked on a RH system. Basically, I want to find out who or what did something to a file to change it in any way, shape or form.

Example I have filex. filex has a certain content now. Now+5 file has been changed. Is there a util to detect this change, i.e., who or what changed it?

Thanks in advance,

Phil

--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list




--
Carpe Aptenodytes! (Seize the Penguins!)

--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
 

Thread Tools




All times are GMT. The time now is 01:01 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org