[olug] Script checking for server changes

[Christopher Cashell]

On Fri, Oct 3, 2008 at 10:16 AM, OBrien, Timothy <IrishMASMS at olug.org> wrote:
> Some time ago, someone was talking on the list (at least I thought it was
> here) regarding a script they had that would check the system for changes
> every so often - and if it had, either roll it back or notify.

Not sure if it's what you're looking for, but I think I might have
mentioned changetrack[0] on OLUG before.

It's a program that runs from cron, typically hourly, and runs checks
on the files specified in its config.  It then e-mails the diffs to an
e-mail address (or addresses) specified, so you can see what changed.
It uses RCS on the backend for tracking the changes.  Not the best
version control system, but it gets the job done and allows you to
retrieve older versions of the files if you need to.

I've been using it for years, and consider it a pretty essential tool
that I install on every *nix box I have to manage.  It's even become a
standard part of our *nix box installation and setup at work, too.
It's a fairly simple tool, written in perl, so portable to almost any
flavor of Unix/Linux.  It doesn't tell you who made the change, so
it's only really useful when you have some level of trust among the
people who have access to make modifications (It's not a HIDS).
However, setting it up to monitor /etc (and  a few other directories)
is trivial, so it's a very convenient tool for basic change tracking.

> --
> Timothy "Irish" O'Brien

 [0] http://changetrack.sourceforge.net/

-- 
Christopher