Monitoring changes in the file system

Sometimes you need to monitor the file system. There are many tools for this task, for example inotify. Unfortunately, it does not show checksum changes.
That is why I chose AIDE (Advanced Intrusion Detection Environment): http://aide.sourceforge.net/
Installation and configuration are very simple. The config file is located at /etc/aide.conf

Log
Code:
[[email protected] ~]$ cat /etc/os-release
NAME=Fedora
VERSION="21 (Twenty One)"
ID=fedora
VERSION_ID=21
PRETTY_NAME="Fedora 21 (Twenty One)"
ANSI_COLOR="0;34"
CPE_NAME="cpe:/o:fedoraproject:fedora:21"
HOME_URL="https://fedoraproject.org/"
BUG_REPORT_URL="https://bugzilla.redhat.com/"
REDHAT_BUGZILLA_PRODUCT="Fedora"
REDHAT_BUGZILLA_PRODUCT_VERSION=21
REDHAT_SUPPORT_PRODUCT="Fedora"
REDHAT_SUPPORT_PRODUCT_VERSION=21


[[email protected] ~]$ yum info aide
Loaded plugins: langpacks
Installed Packages
Name        : aide
Arch        : x86_64
Version     : 0.15.1
Release     : 9.fc21
Size        : 308 k
Repo        : installed
Summary     : Intrusion detection environment
URL         : http://sourceforge.net/projects/aide
License     : GPLv2+
Description : AIDE (Advanced Intrusion Detection Environment) is a file integrity
            : checker and intrusion detection program.

[[email protected] ~]$ rpm -qa aide
aide-0.15.1-9.fc21.x86_64




[[email protected] ~]# whereis aide.conf
aide: /usr/sbin/aide /etc/aide.conf /usr/share/man/man1/aide.1.gz




[[email protected] ~]# aide --check
WARNING: Old db contains a entry that shouldn't be there, run --init or --update
^C
[[email protected] ~]# aide --init

AIDE, version 0.15.1

### AIDE database at /var/lib/aide/aide.db.new.gz initialized.

[[email protected] ~]# ls -tliash /var/lib/aide/
total 29M
655374 4.0K drwxr-xr-x. 74 root root 4.0K Sep 07  2016 ..
665174 2.5M -rw-------.  1 root root 2.5M Sep 07 00:04 aide.db.new.gz
665251  26M -rw-------.  1 root root  26M Aug 31 17:14 aide.db.gz
664617 4.0K drwx------.  2 root root 4.0K Aug 16  2014 .

[[email protected] ~]# cp -f /var/lib/aide/aide.db.new.gz  /var/lib/aide/aide.db.gz
cp: overwrite ‘/var/lib/aide/aide.db.gz’? Y

[[email protected] ~]# ls -tliash /var/lib/aide/
total 5.0M
655374 4.0K drwxr-xr-x. 74 root root 4.0K Sep 07  2016 ..
665251 2.5M -rw-------.  1 root root 2.5M Sep 07 00:05 aide.db.gz
665174 2.5M -rw-------.  1 root root 2.5M Sep 07 00:04 aide.db.new.gz
664617 4.0K drwx------.  2 root root 4.0K Aug 16  2014 .


[[email protected] ~]# touch /var/www/html/shell.php

[[email protected] ~]# aide --check
AIDE 0.15.1 found differences between database and filesystem!!
Start timestamp: 2016-09-07 00:06:22

Summary:
  Total number of files: 24948
  Added files: 1
  Removed files: 0
  Changed files: 1


---------------------------------------------------
Added files:
---------------------------------------------------

added: /var/www/html/shell.php

---------------------------------------------------
Changed files:
---------------------------------------------------

changed: /var/www/html

---------------------------------------------------
Detailed information about changes:
---------------------------------------------------


Directory: /var/www/html
Mtime    : 2016-02-21 00:13:04              , 2016-09-07 00:06:14
Ctime    : 2016-02-21 00:13:04              , 2016-09-07 00:06:14


[[email protected] ~]# aide --update
AIDE 0.15.1 found differences between database and filesystem!!
Start timestamp: 2016-09-07 00:07:51

Summary:
  Total number of files: 24948
  Added files: 1
  Removed files: 0
  Changed files: 1


---------------------------------------------------
Added files:
---------------------------------------------------

added: /var/www/html/shell.php

---------------------------------------------------
Changed files:
---------------------------------------------------

changed: /var/www/html

---------------------------------------------------
Detailed information about changes:
---------------------------------------------------


Directory: /var/www/html
Mtime    : 2016-02-21 00:13:04              , 2016-09-07 00:06:14
Ctime    : 2016-02-21 00:13:04              , 2016-09-07 00:06:14
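
Turning the `aide --check` report into something a monitoring job can act on, as an added example (not from the original post or from the AIDE project). The sample report is constructed from the output quoted above, and the `/var/www/` prefix is an assumption about what a web server operator would want flagged first:

```python
import re

# Constructed sample input, modelled on the `aide --check` report quoted in the post above.
SAMPLE_REPORT = """\
AIDE 0.15.1 found differences between database and filesystem!!
Start timestamp: 2016-09-07 00:06:22
Summary:
  Total number of files: 24948
  Added files: 1
  Removed files: 0
  Changed files: 1
Added files:
added: /var/www/html/shell.php
Changed files:
changed: /var/www/html
Detailed information about changes:
Directory: /var/www/html
Mtime    : 2016-02-21 00:13:04              , 2016-09-07 00:06:14
Ctime    : 2016-02-21 00:13:04              , 2016-09-07 00:06:14
"""

SUMMARY_RE = re.compile(r"^\s*(Total number of files|Added files|Removed files|Changed files): (\d+)$")
ENTRY_RE = re.compile(r"^(added|removed|changed): (.+)$")     # one path per line
OBJECT_RE = re.compile(r"^(File|Directory): (.+)$")           # starts a detail block
ATTR_RE = re.compile(r"^(\w+)\s*: (.*?)\s*, (.*)$")          # "Mtime : <old> , <new>"

def parse_aide_report(text):
    """Parse an AIDE text report into summary counts, per-class path lists and
    old/new attribute pairs from the 'Detailed information' section."""
    report = {"summary": {}, "added": [], "removed": [], "changed": [], "details": {}}
    current = None  # path whose attribute lines we are currently reading
    for line in text.splitlines():
        if m := SUMMARY_RE.match(line):
            report["summary"][m.group(1)] = int(m.group(2))
        elif m := ENTRY_RE.match(line):
            report[m.group(1)].append(m.group(2).strip())
        elif m := OBJECT_RE.match(line):
            current = m.group(2).strip()
            report["details"][current] = {}
        elif current and (m := ATTR_RE.match(line)):
            report["details"][current][m.group(1)] = (m.group(2), m.group(3))
    return report

def new_files_under(report, prefixes=("/var/www/",)):
    """Added files below the given prefixes (default: the assumed web root), the
    subset a defender usually wants to alert on rather than just count."""
    return [p for p in report["added"] if p.startswith(prefixes)]
```

Running `parse_aide_report` on the sample yields one added file under the web root and an old/new Mtime pair for `/var/www/html`; note that a bare `touch` changes only the directory timestamps, so checksum-based detection of the new file itself relies on it being listed under "Added files".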
 