Ross S. W. Walker
2007-Oct-04 15:57 UTC
[CentOS] RE: Auditing software for a CentOS server
I believe 'tripwire' is what you're probably looking for, but there may be more recent apps that use some of the new OS features like 'notify' or 'selinux' that may work better.

-Ross

________________________________
From: centos-bounces at centos.org [mailto:centos-bounces at centos.org] On Behalf Of israel.garcia at cimex.com.cu
Sent: Thursday, October 04, 2007 12:48 PM
To: centos at centos.org
Subject: Auditing software for a CentOS server

Hi, I'm running some database software on a CentOS 4.5 server and I'd like to know if there is any audit software in the CentOS 4.5 CD packages. I need some software to audit all the files on the server, I mean, if someone deletes a file, or changes some permissions on any filesystem, if someone copies files to my server, and stuff like this... Keep in mind I'm not looking for an IDS. I just want to audit my server...

Thanks in advance,
Israel
israel.garcia at cimex.com.cu wrote:
> Hi, I'm running some database software on a CentOS 4.5 server and I'd like to know if there is any audit software in the CentOS 4.5 CD packages. I need some software to audit all the files on the server, I mean, if someone deletes a file, or changes some permissions on any filesystem, if someone copies files to my server, and stuff like this... Keep in mind I'm not looking for an IDS. I just want to audit my server...
>
> Thanks in advance,
> Israel

Tripwire is one, chkrootkit is another. Here is a sample output from TW.

    /etc/cron.daily/tripwire:

    ### Warning: File system error.
    ### Filename: /usr/src/linux
    ### No such file or directory
    ### Continuing...
    ### Warning: File system error.
    ### Filename: /etc/inittab
    ### No such file or directory
    ### Continuing...
    Tripwire(R) 2.3.0 Integrity Check Report

    Report generated by:          root
    Report created on:            Thu 04 Oct 2007 06:49:44 AM PDT
    Database last updated on:     Wed 03 Oct 2007 09:56:14 PM PDT

    ==============================================================================
    Report Summary:
    ==============================================================================

    Host name:                    latis
    Host IP address:              142.58.207.218
    Host ID:                      None
    Policy file used:             /etc/tripwire/tw.pol
    Configuration file used:      /etc/tripwire/tw.cfg
    Database file used:           /var/lib/tripwire/latis.twd
    Command line used:            /usr/sbin/tripwire --check --quiet --email-report

    ==============================================================================
    Rule Summary:
    ==============================================================================

    ------------------------------------------------------------------------------
      Section: Unix File System
    ------------------------------------------------------------------------------

      Rule Name                       Severity Level    Added    Removed  Modified
      ---------                       --------------    -----    -------  --------
      Invariant Directories           66                0        0        0
      Tripwire Data Files             100               0        0        0
      Other binaries                  66                0        0        0
      Tripwire Binaries               100               0        0        0
      setuid/setgid                   100               0        0        0
      Other libraries                 66                0        0        0
      Header Files                    66                0        0        0
      Shared Files                    66                0        0        0
      Root file-system executables    100               0        0        0
    * System boot changes             100               1        0        8
      Security Control                66                0        0        0
      Root file-system libraries      100               0        0        0
      (/lib)
      Critical system boot files      100               0        0        0
      Boot Scripts                    100               0        0        0
      Critical Configuration files    100               0        0        0
      Devices & Kernel information    100               0        0        0
    * Root config files               100               0        0        1

    Total objects scanned:  28932
    Total violations found: 10

    ==============================================================================
    Object Summary:
    ==============================================================================

    ------------------------------------------------------------------------------
    # Section: Unix File System
    ------------------------------------------------------------------------------

    ------------------------------------------------------------------------------
    Rule Name: System boot changes (/var/run)
    Severity Level: 100
    ------------------------------------------------------------------------------

    Added:
    "/var/run/console/root:1"

    ------------------------------------------------------------------------------
    Rule Name: System boot changes (/var/log)
    Severity Level: 100
    ------------------------------------------------------------------------------

    Modified:
    "/var/log/syslog"
    "/var/log/syslog.0"
    "/var/log/syslog.1.gz"
    "/var/log/syslog.2.gz"
    "/var/log/syslog.3.gz"
    "/var/log/syslog.4.gz"
    "/var/log/syslog.5.gz"
    "/var/log/syslog.6.gz"

    ------------------------------------------------------------------------------
    Rule Name: Root config files (/root)
    Severity Level: 100
    ------------------------------------------------------------------------------

    Modified:
    "/root"

    ==============================================================================
    Error Report:
    ==============================================================================

    ------------------------------------------------------------------------------
      Section: Unix File System
    ------------------------------------------------------------------------------

    1.  File system error.
        Filename: /usr/src/linux
        No such file or directory

    2.  File system error.
        Filename: /etc/inittab
        No such file or directory

    ------------------------------------------------------------------------------
    *** End of report ***

    Tripwire 2.3 Portions copyright 2000 Tripwire, Inc. Tripwire is a registered
    trademark of Tripwire, Inc. This software comes with ABSOLUTELY NO WARRANTY;
    for details use --version. This is free software which may be redistributed
    or modified only under certain conditions; see COPYING for details.
    All rights reserved.

    run-parts: /etc/cron.daily/tripwire exited with return code 5

-- 
James A. Peltier
Technical Director, RHCE
SCIRF | GrUVi @ Simon Fraser University - Burnaby Campus
Phone   : 778-782-3610
Fax     : 778-782-3045
Mobile  : 778-840-6434
E-Mail  : jpeltier at cs.sfu.ca
Website : http://gruvi.cs.sfu.ca | http://scirf.cs.sfu.ca
MSN     : subatomic_spam at hotmail.com
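
Added example, not part of any message in this thread and not Tripwire's own code: a Python illustration of the baseline-and-compare check that file integrity tools perform, reporting the same Added / Removed / Modified categories as the report above. The function names and the constructed sample tree are assumptions made for the illustration.

```python
import hashlib
import os
import stat
import tempfile

def snapshot(root):
    """Record mode, owner and (for regular files) size and SHA-256 under root."""
    db = {}
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)  # lstat: describe a symlink itself, not its target
            size = digest = None
            if stat.S_ISREG(st.st_mode):
                size = st.st_size
                with open(path, "rb") as fh:
                    digest = hashlib.sha256(fh.read()).hexdigest()
            db[os.path.relpath(path, root)] = {
                "mode": stat.S_IMODE(st.st_mode), "uid": st.st_uid,
                "gid": st.st_gid, "size": size, "sha256": digest}
    return db

def compare(baseline, current):
    """Return (added, removed, modified); modified maps path -> changed attributes."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified = {}
    for path in sorted(set(baseline) & set(current)):
        changed = [k for k, v in baseline[path].items() if current[path][k] != v]
        if changed:
            modified[path] = changed
    return added, removed, modified

def demo():
    """Constructed sample tree: delete, chmod, edit and add a file, then compare."""
    with tempfile.TemporaryDirectory() as root:
        for name in ("a.conf", "b.conf", "c.conf"):
            with open(os.path.join(root, name), "w") as fh:
                fh.write("data1")
            os.chmod(os.path.join(root, name), 0o644)
        baseline = snapshot(root)
        os.remove(os.path.join(root, "a.conf"))           # file deleted
        os.chmod(os.path.join(root, "b.conf"), 0o600)     # permissions changed
        with open(os.path.join(root, "c.conf"), "w") as fh:
            fh.write("data2")                             # same size, new content
        with open(os.path.join(root, "new.bin"), "w") as fh:
            fh.write("x")                                 # file copied onto the server
        return compare(baseline, snapshot(root))

if __name__ == "__main__":
    print(demo())
```

The comparison is only as trustworthy as the stored baseline, so keep the baseline where an account that can change the monitored files cannot also rewrite it, such as read-only or offline media.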
israel.garcia at cimex.com.cu
2007-Oct-04 16:48 UTC
[CentOS] Auditing software for a CentOS server
Hi, I'm running some database software on a CentOS 4.5 server and I'd like to know if there is any audit software in the CentOS 4.5 CD packages. I need some software to audit all the files on the server, I mean, if someone deletes a file, or changes some permissions on any filesystem, if someone copies files to my server, and stuff like this... Keep in mind I'm not looking for an IDS. I just want to audit my server...

Thanks in advance,
Israel
Aide is another option.

Ross S. W. Walker wrote:
> I believe 'tripwire' is what you're probably looking for, but there may
> be more recent apps that use some of the new OS features like 'notify'
> or 'selinux' that may work better.
>
> -Ross
>
> ------------------------------------------------------------------------
> *From:* centos-bounces at centos.org [mailto:centos-bounces at centos.org] *On Behalf Of* israel.garcia at cimex.com.cu
> *Sent:* Thursday, October 04, 2007 12:48 PM
> *To:* centos at centos.org
> *Subject:* Auditing software for a CentOS server
>
> Hi, I'm running some database software on a CentOS 4.5 server
> and I'd like to know if there is any audit software in the CentOS 4.5
> CD packages. I need some software to audit all the files on
> the server, I mean, if someone deletes a file, or changes some
> permissions on any filesystem, if someone copies files to my server,
> and stuff like this... Keep in mind I'm not looking for an
> IDS. I just want to audit my server...
>
> Thanks in advance,
> Israel