Identifying changed files on *nix webserver
Looking for some (*nix) software which will build an index of "interesting" files on a server and notify when certain of those files contents are modified, or new files appear.
Similar to rkhunter et al, but less focussed on system binaries and more on executables served via web.
Any recommendations?
Look at OSSEC, I use it to do file integrity checks on our servers, it's very complete and easy to configure. It can send mail notification, you can check alerts via command line or a web interface ...
http://www.ossec.net/
taken from the website :
"OSSEC is an Open Source Host-based Intrusion Detection System. It performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response."
You may want to look at Tripwire or AIDE
Both will track config file changes on your machines.
See also:
- What tool do you recommend to track changes on a Linux/Unix server
- How to record server changes?
- What solutions exist to allow the use of revision control for server configuration files?