finding changes made to configurations

Paul Nuffer paul.nuffer at uvu.edu
Thu Mar 3 17:10:04 UTC 2011


On 2011-03-03 22:30:24 Thu, Tapas Mishra wrote:
> One way I understand is do an ls on / and store the result in a file and
> then after the changes have been done where some files are delete again do
> an ls on / (root) and compare the results to what files are added or
> deleted.

This sounds a lot like AIDE. debuntu.org has a tutorial on how to get 
that rolling in Ubuntu:

http://www.debuntu.org/intrusion-detection-with-aide

Hope that helps,

Paul




More information about the ubuntu-server mailing list