finding changes made to configurations
Paul Nuffer
paul.nuffer at uvu.edu
Thu Mar 3 17:10:04 UTC 2011
On 2011-03-03 22:30:24 Thu, Tapas Mishra wrote:
> One way I understand is do an ls on / and store the result in a file and
> then after the changes have been done where some files are delete again do
> an ls on / (root) and compare the results to what files are added or
> deleted.
This sounds a lot like AIDE. debuntu.org has a tutorial on how to get
that rolling in Ubuntu:
http://www.debuntu.org/intrusion-detection-with-aide
Hope that helps,
Paul
More information about the ubuntu-server
mailing list