Periodically audit file permissions for mistaken leaks

I'm looking for a way to periodically check a file system tree for permissions that have been set incorrectly.

The context is:

  • this is in an academic compute environment, with students, researchers and overworked sysadmins
  • the focus is not on malicious actors, but rather mistakes made by any of the above
  • existing users/group hierarchy
  • prevention does not have to be immediate, we're thinking of something that can run daily
  • ideally don't want to have to install extra tools such as tripwire
  • don't need a forensic trail to be captured

My hunch is a script that:

  • runs daily via cron
  • runs as a user with read permissions for the entire tree
  • checks that rwx is off for the "all" bits (more rules to be added)

Before I start this, is there an established way to do this that I'm not aware of?
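The script sketched above, written out as an added example (it is not part of the original question or of any answer). It needs only find(1) and ls(1), so nothing has to be installed; it assumes a GNU or BSD find (the `-perm /MODE` test, "any of these bits set", is not in POSIX) and a cron user that can read the whole tree. The rule names, the report format and the paths in it are this example's own choices.

```shell
#!/bin/sh
# perm-audit.sh: daily permission audit using only find(1) and ls(1).
# Added illustration, not code from the question or its answers.
# Assumptions: GNU or BSD find for "-perm /MODE"; the caller can read
# the whole tree; rule names, report format and paths are made up here.
#
# Example crontab line (placeholder paths):
#   30 3 * * * /usr/local/sbin/perm-audit.sh /data/projects /var/tmp/perm-audit.txt

# audit_perms TREE
# Prints one line per finding: RULE<TAB>PATH. A path containing a newline
# would break this line-oriented format; accepted for a daily sanity check.
audit_perms() {
    tree=$1
    # OTHER: any r, w or x bit set for "other" on a file or directory.
    # This is the question's first rule. It deliberately flags o+x
    # directories too, since traversal rights are how a leak starts.
    find "$tree" -xdev \( -type f -o -type d \) -perm /007 \
        -exec printf 'OTHER\t%s\n' {} +
    # GROUP_WRITE: group-writable regular files. Fine for a project
    # group's shared data, a mistake in a home directory, so a human
    # decides; reported separately to keep the OTHER list clean.
    find "$tree" -xdev -type f -perm /020 \
        -exec printf 'GROUP_WRITE\t%s\n' {} +
    # SETID: setuid or setgid regular files. Under a data tree these are
    # almost always an accident (cp -p from a system directory) and worth
    # a look even when no "other" bit is set.
    find "$tree" -xdev -type f -perm /6000 \
        -exec printf 'SETID\t%s\n' {} +
}

# daily_report TREE REPORT
# Writes each finding, annotated with its ls -ld line, to REPORT and
# returns non-zero when there is anything to look at, so cron's MAILTO
# sends mail only on a bad day. Keep REPORT outside TREE, otherwise the
# report file itself becomes a finding on the next run.
daily_report() {
    tree=$1 report=$2 tab=$(printf '\t')
    audit_perms "$tree" | sort | while IFS=$tab read -r rule path; do
        printf '%s\t%s\n' "$rule" "$(ls -ld "$path")"
    done > "$report"
    if [ -s "$report" ]; then
        printf '%s permission finding(s) under %s\n' \
            "$(wc -l < "$report" | tr -d ' ')" "$tree"
        cat "$report"
        return 1
    fi
    return 0
}

# Invoked from cron with two arguments; with none (or when sourced)
# it only defines the functions above.
if [ $# -eq 2 ]; then
    daily_report "$1" "$2"
fi
```

The non-zero exit and the output-only-on-findings behaviour are what make it cron-friendly: with MAILTO set, an empty day produces no mail. The three rules are a starting point; in a shared research tree the GROUP_WRITE rule in particular usually needs an exclusion list of project directories before the report is quiet enough to be read.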


You want to check AIDE or mtree

More generic list of File integrity monitoring software