Not sure if there is an app like this yet.
I want to keep tabs on my web applications and thought of using a 'page checker'.

I was thinking either running a sum on the directory or each file...but thinking a simple date check would be fine.

The idea is web application, except the uploads area for photos, never has changes to its files except when I change it.

However, if it gets injected or hacked, I would want to know right away.

So thinking of running a script every minute looking for files where the date changed since 'x' date or something like that.

Anything out there like that?

thanks

Bob Hoffman wrote:
> Not sure if there is an app like this yet.
> I want to keep tabs on my web applications and thought of using a 'page
> checker'.
>
> I was thinking either running a sum on the directory or each file...but
> thinking a simple date check would be fine.
>
> The idea is web application, except the uploads area for photos, never
> has changes to its files except when I change it.
>
> However, if it gets injected or hacked, I would want to know right away.
>
> So thinking of running a script every minute looking for files where the
> date changed since 'x' date or something like that.
>
> Anything out there like that?

chkrootkit?

mark

Have you looked at inotify(7)? You'll need to do a bit of coding though.

Martin Rushton
HPC System Manager, Weapons Technologies, QinetiQ

From: Bob Hoffman <bob at bobhoffman.com>
> So thinking of running a script every minute looking for files where the
> date changed since 'x' date or something like that.
> Anything out there like that?

You have inotify that can monitor a directory for any change of the type you want.
Or make a script that "md5" the files and diff the results with a previous run:

    find "$DIR" -type f | while IFS= read -r F; do md5sum "$F"; done

JD
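
The "hash the files and diff against a previous run" approach from the message above, as an added example that is not part of the original thread. It swaps md5sum for sha256sum, skips an assumed `uploads` directory, and reports added, modified and removed files; the function names, the sample web root and its file names are constructed for illustration.

```bash
# Added example: hash-manifest integrity check for a web root.
# Print a sorted "hash  path" manifest for every regular file under $1,
# skipping the subdirectory named in $2 (the writable uploads area).
make_manifest() {
    ( cd "$1" || exit 1
      find . -path "./$2" -prune -o -type f -print0 |
          sort -z | xargs -0 -r sha256sum )
}

# Compare a baseline manifest ($1) with a fresh one ($2).
# Prints "ADDED|MODIFIED|REMOVED path", one line per difference.
# Paths are taken by column (64 hex chars + 2 separators) so names with
# spaces survive; names containing backslashes or newlines are not handled.
compare_manifests() {
    awk '
        { hash = substr($0, 1, 64); path = substr($0, 67) }
        FILENAME == ARGV[1] { old[path] = hash; next }
        { seen[path] = 1 }
        !(path in old)      { print "ADDED", path; next }
        old[path] != hash   { print "MODIFIED", path }
        END { for (p in old) if (!(p in seen)) print "REMOVED", p }
    ' "$1" "$2" | sort
}

# Constructed demo: baseline a sample web root, change it, re-check.
demo() {
    local web base now
    web=$(mktemp -d); base=$(mktemp); now=$(mktemp)
    mkdir -p "$web/uploads" "$web/inc"
    echo '<?php echo "home";' > "$web/index.php"
    echo '<?php // config'    > "$web/inc/config.php"
    echo 'old'                > "$web/old page.html"
    make_manifest "$web" uploads > "$base"

    echo 'photo'                  > "$web/uploads/cat.jpg"  # excluded area
    echo '<?php // extra line'   >> "$web/index.php"        # modified
    echo '<?php // new file'      > "$web/inc/x.php"        # added
    rm "$web/old page.html"                                 # removed
    make_manifest "$web" uploads > "$now"

    compare_manifests "$base" "$now"
    rm -rf "$web" "$base" "$now"
}
demo
```

Run from cron, the baseline manifest should live outside the web root and be writable only by the account that deploys the site, otherwise whoever changes the files can also refresh the baseline.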

On Thu, Jun 21, 2012 at 8:17 AM, Bob Hoffman <bob at bobhoffman.com> wrote:
> Not sure if there is an app like this yet.
> I want to keep tabs on my web applications and thought of using a 'page
> checker'.
>
> I was thinking either running a sum on the directory or each file...but
> thinking a simple date check would be fine.
>
> The idea is web application, except the uploads area for photos, never
> has changes to its files except when I change it.
>
> However, if it gets injected or hacked, I would want to know right away.
>
> So thinking of running a script every minute looking for files where the
> date changed since 'x' date or something like that.
>
> Anything out there like that?

One approach is to make the changes on a staging/test server, then rsync them to the real server. Then 'rsync -nv --delete' will list any changed files.

The step beyond that is to commit all changes to a version control system like subversion, check them out on the staging box, then push to production with rsync - or update directly to the tested revision on the production server(s). The version control system will have its own commands to show changes from the repository version.

--
Les Mikesell
lesmikesell at gmail.com

On Thu, 21 Jun 2012, Bob Hoffman wrote:
> To: CentOS at centos.org
> From: Bob Hoffman <bob at bobhoffman.com>
> Subject: [CentOS] reinventing the wheel? page checker
>
> Not sure if there is an app like this yet.
> I want to keep tabs on my web applications and thought of using a 'page
> checker'.

*snip*

> Anything out there like that?

http://www.changedetection.com/

HTH,
Keith

On Fri, June 22, 2012 16:38, m.roth at 5-cent.us wrote:
>
> Not true. It will issue an AVC every time something tries to happen.
> Big things to know:
> a) ll -Z shows you the selinux context
> b) chcon [-R] -[urt] <whatever> <file or directory>
> c) getsebool and setsebool
>
> mark

If you are working with SELinux issues then the following are most helpful to have installed:

    setools-libs.x86_64            3.3.7-4.el6
    setools-libs-python.x86_64     3.3.7-4.el6
    setroubleshoot-plugins.noarch  3.0.16-1.el6
    setroubleshoot-server.x86_64   3.0.38-2.1.el6

The files you need to be aware of are:

    /var/log/messages
    /var/log/audit/audit.log

There are several utilities to be aware (and refer to the man pages) of:

    # audit2allow
    # audit2why
    # ausearch
    # chcon
    # getenforce
    # getsebool
    # restorecon
    # sealert
    # semanage
    # semodule
    # setenforce
    # setsebool
    # system-config-securitylevel

You will also find large measures of patience and forbearance to be of value.

For issues about missing policies and contexts and developing same you should monitor the SELinux policy mailing list at refpolicy at oss1.tresys.com.

--
James B. Byrne
Harte & Lyne Limited