israel.garcia at cimex.com.cu wrote:
> Hi, I'm running some database software on a CentOS 4.5 server and I'd
> like to know if there is any audit software in the CentOS 4.5 CD
> packages? I need some software to audit all the files on the server, I
> mean, if someone deletes a file, or changes some permissions on any
> filesystem, if someone copies files to my server and some of this
> stuff... Keep in mind I'm not looking for an IDS. I just want to audit
> my server...
>
> thanks in advance
>
> Israel

Tripwire is one; chkrootkit is another. Here is a sample output from TW.

/etc/cron.daily/tripwire:

### Warning: File system error.
### Filename: /usr/src/linux
### No such file or directory
### Continuing...
### Warning: File system error.
### Filename: /etc/inittab
### No such file or directory
### Continuing...
Tripwire(R) 2.3.0 Integrity Check Report

Report generated by:          root
Report created on:            Thu 04 Oct 2007 06:49:44 AM PDT
Database last updated on:     Wed 03 Oct 2007 09:56:14 PM PDT

===============================================================================
Report Summary:
===============================================================================

Host name:                    latis
Host IP address:              142.58.207.218
Host ID:                      None
Policy file used:             /etc/tripwire/tw.pol
Configuration file used:      /etc/tripwire/tw.cfg
Database file used:           /var/lib/tripwire/latis.twd
Command line used:            /usr/sbin/tripwire --check --quiet --email-report

===============================================================================
Rule Summary:
===============================================================================

-------------------------------------------------------------------------------
  Section: Unix File System
-------------------------------------------------------------------------------

  Rule Name                       Severity Level    Added    Removed  Modified
  ---------                       --------------    -----    -------  --------
  Invariant Directories           66                0        0        0
  Tripwire Data Files             100               0        0        0
  Other binaries                  66                0        0        0
  Tripwire Binaries               100               0        0        0
  setuid/setgid                   100               0        0        0
  Other libraries                 66                0        0        0
  Header Files                    66                0        0        0
  Shared Files                    66                0        0        0
  Root file-system executables    100               0        0        0
* System boot changes             100               1        0        8
  Security Control                66                0        0        0
  Root file-system libraries      100               0        0        0
  (/lib)
  Critical system boot files      100               0        0        0
  Boot Scripts                    100               0        0        0
  Critical Configuration files    100               0        0        0
  Devices & Kernel information    100               0        0        0
* Root config files               100               0        0        1

Total objects scanned:  28932
Total violations found:  10

===============================================================================
Object Summary:
===============================================================================

-------------------------------------------------------------------------------
# Section: Unix File System
-------------------------------------------------------------------------------

-------------------------------------------------------------------------------
Rule Name: System boot changes (/var/run)
Severity Level: 100
-------------------------------------------------------------------------------

Added:
"/var/run/console/root:1"

-------------------------------------------------------------------------------
Rule Name: System boot changes (/var/log)
Severity Level: 100
-------------------------------------------------------------------------------

Modified:
"/var/log/syslog"
"/var/log/syslog.0"
"/var/log/syslog.1.gz"
"/var/log/syslog.2.gz"
"/var/log/syslog.3.gz"
"/var/log/syslog.4.gz"
"/var/log/syslog.5.gz"
"/var/log/syslog.6.gz"

-------------------------------------------------------------------------------
Rule Name: Root config files (/root)
Severity Level: 100
-------------------------------------------------------------------------------

Modified:
"/root"

===============================================================================
Error Report:
===============================================================================

-------------------------------------------------------------------------------
  Section: Unix File System
-------------------------------------------------------------------------------

1.   File system error.
     Filename: /usr/src/linux
     No such file or directory

2.   File system error.
     Filename: /etc/inittab
     No such file or directory

-------------------------------------------------------------------------------
*** End of report ***

Tripwire 2.3 Portions copyright 2000 Tripwire, Inc. Tripwire is a registered
trademark of Tripwire, Inc. This software comes with ABSOLUTELY NO WARRANTY;
for details use --version. This is free software which may be redistributed
or modified only under certain conditions; see COPYING for details.
All rights reserved.

run-parts: /etc/cron.daily/tripwire exited with return code 5

--
James A. Peltier
Technical Director, RHCE
SCIRF | GrUVi @ Simon Fraser University - Burnaby Campus
Phone   : 778-782-3610
Fax     : 778-782-3045
Mobile  : 778-840-6434
E-Mail  : jpeltier at cs.sfu.ca
Website : http://gruvi.cs.sfu.ca | http://scirf.cs.sfu.ca
MSN     : subatomic_spam at hotmail.com