Identifying changed files on *nix webserver

security unix linux exploit rootkit

Looking for some (*nix) software which will build an index of "interesting" files on a server and notify when certain of those files contents are modified, or new files appear.

Similar to rkhunter et al, but less focussed on system binaries and more on executables served via web.

Any recommendations?


Look at OSSEC, I use it to do file integrity checks on our servers, it's very complete and easy to configure. It can send mail notification, you can check alerts via command line or a web interface ...

http://www.ossec.net/

taken from the website :

"OSSEC is an Open Source Host-based Intrusion Detection System. It performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response."


You may want to look at Tripwire or AIDE

Both will track config file changes on your machines.

See also:

  • What tool do you recommend to track changes on a Linux/Unix server
  • How to record server changes?
  • What solutions exist to allow the use of revision control for server configuration files?

Related

How to redirect non-www to www without hardcoding using .htaccess?
How to enable sleep/standby on Windows Server 2012 Hyper V
Mounting a disk from SAN (RHEL 5.9)
iptables packet forwarding to one of two gateways depending on origin
Regular user using ports below 1024 [duplicate]
Install packages through yum from file
How to create a environment where each user's vm is isolated
rsync - unexplained error
Should I mount GlusterFS as NFS or FUSE?
Best way to improve resilience?
How can I rate limit SSH connections with iptables?
Deleted then recreated Route 53 hosted zones, now website not working