On Sun, May 19, 2013 at 9:29 PM, Philipp Duffner <philipp at phphaus.com> wrote: > > I think I really hit a snag with this one - I have no idea where to go > forward from here. > I'd appreciate any ideas. > I use aide (akin to tripwire) to keep file signature db. The online db file is immutable but I also keep a copy of it offline (along with sha1sum) Run aide (the static binary) against the db file to detect changes (if any). Also rpm -qa --verify will list files whose MD5 sums have changed, not a full proof method. You may also look at fail2ban, mod_evasive, mod_security (EPEL repo). -- Arun Khan Sent from my non-iphone/non-android device (অরুণ খান্/अरुण खान)