[TriLUG] invisible directories...

Jeremy Portzer jeremyp at pobox.com
Tue Apr 22 14:29:00 EDT 2003


On Tue, 2003-04-22 at 14:24, Jon Carnes wrote:
> On Tue, 2003-04-22 at 11:20, Turnpike Man wrote:
> 
> > So besides all the scripts needed to compare binaries every 10 minutes
> > (something I'm still clueless of how to do)... 
> > 
> Tripwire will do this for you, but before that came along I ran
> something like the following script - every 10 minutes on my external
> boxes.
> 
> ====== file_chks ======
> #! /bin/bash
> # check run on the base files (periodically)
> #
> if [ ! -s /etc/chk ];
>   then
>     echo First time run... Creating /etc/chk and storing base files
>     mkdir /etc/chk
>     chmod o-wrx /etc/chk
>     cp /bin/df        /etc/chk/1.chk
>     cp /bin/find      /etc/chk/2.chk
>     cp /bin/ls        /etc/chk/3.chk
>     cp /bin/netstat   /etc/chk/4.chk
>     cp /bin/ping      /etc/chk/5.chk
>     cp /bin/ps        /etc/chk/6.chk
>     cp /usr/bin/du    /etc/chk/7.chk
>     cp /usr/sbin/lsof /etc/chk/8.chk
>     # cp /etc/passwd    /etc/chk/p.chk
>     # cp /etc/group     /etc/chk/g.chk
> fi

Another neat trick you could use to protect those ".chk" files is to
make them "immutable," using the chattr(1) command.  This way, nothing
will be able to overwrite or delete them (unless it's smart enough to
run lsattr/chattr first, which is unlikely for most tools).

--Jeremy

-- 
/=====================================================================\
| Jeremy Portzer       jeremyp at pobox.com       trilug.org/~jeremy     |
| GPG Fingerprint: 712D 77C7 AB2D 2130 989F  E135 6F9F F7BC CC1A 7B92 |
\=====================================================================/
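An added example, not code from either poster: the quoted script is shown only up to its baseline-creation step, so this covers the periodic comparison against the `.chk` copies plus a check that each copy still carries the immutable attribute suggested in the reply. The function names and the `LIVE:COPY` argument format are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes the quoted script's layout:
# copies such as 3.chk for /bin/ls, kept in a directory such as /etc/chk.

# immutable_in LINE: succeeds if an lsattr(1) output line shows the 'i' flag.
immutable_in() {
    case "${1%% *}" in          # first field is the attribute string
        *i*) return 0 ;;
        *)   return 1 ;;
    esac
}

# compare_baseline CHKDIR LIVE:COPY...
# Prints one line per finding; exit status is the number of findings.
compare_baseline() (
    chkdir=$1; shift
    findings=0
    for pair in "$@"; do
        live=${pair%%:*}
        copy=$chkdir/${pair##*:}
        if [ ! -f "$copy" ]; then
            echo "MISSING  $copy"
        elif ! cmp -s -- "$live" "$copy"; then
            echo "CHANGED  $live (differs from $copy)"
        else
            continue
        fi
        findings=$((findings + 1))
    done
    exit "$findings"
)

# audit_immutable FILE...: prints each baseline copy lacking the 'i' flag.
# lsattr fails on filesystems without attribute support; that is reported too.
audit_immutable() (
    for f in "$@"; do
        immutable_in "$(lsattr -d -- "$f" 2>/dev/null)" || echo "UNPROTECTED $f"
    done
)

# Runs only when arguments are given, e.g.:
#   ./chk_verify /etc/chk /bin/ls:3.chk /bin/ps:6.chk
if [ "$#" -gt 0 ]; then
    compare_baseline "$@"; rc=$?
    dir=$1; shift
    for pair in "$@"; do audit_immutable "$dir/${pair##*:}"; done
    exit "$rc"
fi
```

The flag itself is set as root with `chattr +i /etc/chk/*.chk` and has to be cleared with `chattr -i` before a baseline is deliberately refreshed.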