Inventory or Audit Installed Linux Software
Solution 1:
- Check package management database
- Not perfectly reliable, but scan the entire filesystem for the expected executable or library file names.
- Same as #2, but don't count on it if somebody wants to rename `netcat` to `purrmeow`, statically compile it, and run it by calling libc instead of a direct execution.
You could try to identify any files using the content of the first few bytes to check for executable magic numbers and then note any that don't have a home. This will take care of accidental or innocent violation installations. You'll be hard-pressed, however, if somebody wanted to put something in place and keep it hidden from you.
To be really sneaky, one could embed an executable in some junk section of a file, mmap it, and then memory jump into it. Where there's a will, there's a hacker... so beware of the limitations of whatever method you choose if this is an audit function.
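The magic-number check described in the answer above, as an added example that is not part of the original answer: it classifies files by their first bytes and reports any that the package database does not account for. The function names, the Debian-style `/var/lib/dpkg/info/*.list` ownership source and the sample tree are assumptions made for this illustration.

```python
import glob
import os
import tempfile

# Leading bytes that mark something the kernel will execute.
MAGIC = {b"\x7fELF": "elf", b"#!": "script"}

def executable_kind(path):
    """Classify by leading bytes only; file name and mode bits are ignored."""
    try:
        with open(path, "rb") as f:
            head = f.read(4)
    except OSError:
        return None
    return next((kind for magic, kind in MAGIC.items() if head.startswith(magic)), None)

def dpkg_owned_paths(info_dir="/var/lib/dpkg/info"):
    """Every path the dpkg database claims (assumes a Debian/Ubuntu host)."""
    owned = set()
    for lst in glob.glob(os.path.join(info_dir, "*.list")):
        with open(lst, errors="replace") as f:
            owned.update(os.path.realpath(l.rstrip("\n")) for l in f if l.strip())
    return owned

def find_unowned_executables(roots, owned):
    """Return sorted (path, kind) for executables with no owning package."""
    findings = []
    for root in roots:
        for dirpath, _dirs, names in os.walk(root):  # symlinked dirs not followed
            for name in names:
                path = os.path.join(dirpath, name)
                if os.path.islink(path) or not os.path.isfile(path):
                    continue
                kind = executable_kind(path)
                # realpath on both sides copes with merged /bin -> /usr/bin
                if kind and os.path.realpath(path) not in owned:
                    findings.append((path, kind))
    return sorted(findings)

def demo():
    """Constructed sample tree: one 'packaged' binary, one renamed stray."""
    with tempfile.TemporaryDirectory() as d:
        files = {"ls": b"\x7fELF\x02\x01\x01", "purrmeow": b"\x7fELF\x02\x01\x01",
                 "run.sh": b"#!/bin/sh\n", "notes.txt": b"hello\n"}
        for name, data in files.items():
            with open(os.path.join(d, name), "wb") as f:
                f.write(data)
        owned = {os.path.realpath(os.path.join(d, "ls"))}
        return [(os.path.basename(p), k) for p, k in find_unowned_executables([d], owned)]

if __name__ == "__main__":
    print(demo())
```

On a real host the call would be `find_unowned_executables(["/usr/local", "/opt"], dpkg_owned_paths())`. A renamed, statically compiled binary is still reported because the name is never consulted, but a payload embedded inside an ordinary data file has no magic number at offset zero and passes unnoticed.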
Solution 2:
This wouldn't actually be all that difficult to script up manually via ssh.
That said, I think you're going about this the wrong way. You ought to start deploying via a configuration management system which will ensure your servers are in a specific, reproducible, version-controlled state.