israel.garcia@cimex.com.cu wrote:
Hi, I'm running some database software on a CentOS 4.5 server and I'd like to know if there is any audit software in the CentOS 4.5 CD packages? I need some software to audit all the files on the server, I mean, if someone deletes a file, or changes some permissions on any filesystem, if someone copies files to my server, and some of this stuff... keep in mind I'm not looking for an IDS. I just want to audit my server...
Thanks in advance
Israel
Tripwire is one; chkrootkit is another. Here is a sample output from TW.
/etc/cron.daily/tripwire:

### Warning: File system error.
### Filename: /usr/src/linux
### No such file or directory
### Continuing...
### Warning: File system error.
### Filename: /etc/inittab
### No such file or directory
### Continuing...

Tripwire(R) 2.3.0 Integrity Check Report

Report generated by:          root
Report created on:            Thu 04 Oct 2007 06:49:44 AM PDT
Database last updated on:     Wed 03 Oct 2007 09:56:14 PM PDT

===============================================================================
Report Summary:
===============================================================================

Host name:                    latis
Host IP address:              142.58.207.218
Host ID:                      None
Policy file used:             /etc/tripwire/tw.pol
Configuration file used:      /etc/tripwire/tw.cfg
Database file used:           /var/lib/tripwire/latis.twd
Command line used:            /usr/sbin/tripwire --check --quiet --email-report

===============================================================================
Rule Summary:
===============================================================================

-------------------------------------------------------------------------------
  Section: Unix File System
-------------------------------------------------------------------------------
  Rule Name                       Severity Level    Added    Removed  Modified
  ---------                       --------------    -----    -------  --------
  Invariant Directories           66                0        0        0
  Tripwire Data Files             100               0        0        0
  Other binaries                  66                0        0        0
  Tripwire Binaries               100               0        0        0
  setuid/setgid                   100               0        0        0
  Other libraries                 66                0        0        0
  Header Files                    66                0        0        0
  Shared Files                    66                0        0        0
  Root file-system executables    100               0        0        0
* System boot changes             100               1        0        8
  Security Control                66                0        0        0
  Root file-system libraries      100               0        0        0
  (/lib)
  Critical system boot files      100               0        0        0
  Boot Scripts                    100               0        0        0
  Critical Configuration files    100               0        0        0
  Devices & Kernel information    100               0        0        0
* Root config files               100               0        0        1

Total objects scanned:  28932
Total violations found:  10
===============================================================================
Object Summary:
===============================================================================

-------------------------------------------------------------------------------
# Section: Unix File System
-------------------------------------------------------------------------------

-------------------------------------------------------------------------------
Rule Name: System boot changes (/var/run)
Severity Level: 100
-------------------------------------------------------------------------------

Added:
"/var/run/console/root:1"

-------------------------------------------------------------------------------
Rule Name: System boot changes (/var/log)
Severity Level: 100
-------------------------------------------------------------------------------

Modified:
"/var/log/syslog"
"/var/log/syslog.0"
"/var/log/syslog.1.gz"
"/var/log/syslog.2.gz"
"/var/log/syslog.3.gz"
"/var/log/syslog.4.gz"
"/var/log/syslog.5.gz"
"/var/log/syslog.6.gz"

-------------------------------------------------------------------------------
Rule Name: Root config files (/root)
Severity Level: 100
-------------------------------------------------------------------------------

Modified:
"/root"

===============================================================================
Error Report:
===============================================================================

-------------------------------------------------------------------------------
  Section: Unix File System
-------------------------------------------------------------------------------

1.   File system error.
     Filename: /usr/src/linux
     No such file or directory
2.   File system error.
     Filename: /etc/inittab
     No such file or directory

-------------------------------------------------------------------------------
*** End of report ***

Tripwire 2.3 Portions copyright 2000 Tripwire, Inc. Tripwire is a registered
trademark of Tripwire, Inc. This software comes with ABSOLUTELY NO WARRANTY;
for details use --version. This is free software which may be redistributed
or modified only under certain conditions; see COPYING for details.
All rights reserved.

run-parts: /etc/cron.daily/tripwire exited with return code 5