israel.garcia@xxxxxxxxxxxx wrote:
Hi, I'm running some database software on a CentOS 4.5 server and I'd like to know if there is any audit software in the CentOS 4.5 CD packages? I need some software to audit all the files on the server, I mean, if someone deletes a file, or changes some permissions on any filesystem, if someone copies files to my server, and some of this stuff... Keep in mind I'm not looking for an IDS. I just want to audit my server...
thanks in advance
Israel
------------------------------------------------------------------------
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
Tripwire is one; chkrootkit is another. Here is a sample output from TW.
/etc/cron.daily/tripwire:
### Warning: File system error.
### Filename: /usr/src/linux
### No such file or directory
### Continuing...
### Warning: File system error.
### Filename: /etc/inittab
### No such file or directory
### Continuing...
Tripwire(R) 2.3.0 Integrity Check Report
Report generated by: root
Report created on: Thu 04 Oct 2007 06:49:44 AM PDT
Database last updated on: Wed 03 Oct 2007 09:56:14 PM PDT
===============================================================================
Report Summary:
===============================================================================
Host name: latis
Host IP address: 142.58.207.218
Host ID: None
Policy file used: /etc/tripwire/tw.pol
Configuration file used: /etc/tripwire/tw.cfg
Database file used: /var/lib/tripwire/latis.twd
Command line used: /usr/sbin/tripwire --check --quiet --email-report
===============================================================================
Rule Summary:
===============================================================================
-------------------------------------------------------------------------------
Section: Unix File System
-------------------------------------------------------------------------------
  Rule Name                       Severity Level    Added    Removed  Modified
  ---------                       --------------    -----    -------  --------
  Invariant Directories           66                0        0        0
  Tripwire Data Files             100               0        0        0
  Other binaries                  66                0        0        0
  Tripwire Binaries               100               0        0        0
  setuid/setgid                   100               0        0        0
  Other libraries                 66                0        0        0
  Header Files                    66                0        0        0
  Shared Files                    66                0        0        0
  Root file-system executables    100               0        0        0
* System boot changes             100               1        0        8
  Security Control                66                0        0        0
  Root file-system libraries      100               0        0        0
  (/lib)
  Critical system boot files      100               0        0        0
  Boot Scripts                    100               0        0        0
  Critical Configuration files    100               0        0        0
  Devices & Kernel information    100               0        0        0
* Root config files               100               0        0        1
Total objects scanned: 28932
Total violations found: 10
===============================================================================
Object Summary:
===============================================================================
-------------------------------------------------------------------------------
# Section: Unix File System
-------------------------------------------------------------------------------
-------------------------------------------------------------------------------
Rule Name: System boot changes (/var/run)
Severity Level: 100
-------------------------------------------------------------------------------
Added:
"/var/run/console/root:1"
-------------------------------------------------------------------------------
Rule Name: System boot changes (/var/log)
Severity Level: 100
-------------------------------------------------------------------------------
Modified:
"/var/log/syslog"
"/var/log/syslog.0"
"/var/log/syslog.1.gz"
"/var/log/syslog.2.gz"
"/var/log/syslog.3.gz"
"/var/log/syslog.4.gz"
"/var/log/syslog.5.gz"
"/var/log/syslog.6.gz"
-------------------------------------------------------------------------------
Rule Name: Root config files (/root)
Severity Level: 100
-------------------------------------------------------------------------------
Modified:
"/root"
===============================================================================
Error Report:
===============================================================================
-------------------------------------------------------------------------------
Section: Unix File System
-------------------------------------------------------------------------------
1. File system error.
Filename: /usr/src/linux
No such file or directory
2. File system error.
Filename: /etc/inittab
No such file or directory
-------------------------------------------------------------------------------
*** End of report ***
Tripwire 2.3 Portions copyright 2000 Tripwire, Inc. Tripwire is a registered
trademark of Tripwire, Inc. This software comes with ABSOLUTELY NO WARRANTY;
for details use --version. This is free software which may be redistributed
or modified only under certain conditions; see COPYING for details.
All rights reserved.
run-parts: /etc/cron.daily/tripwire exited with return code 5
--
James A. Peltier
Technical Director, RHCE
SCIRF | GrUVi @ Simon Fraser University - Burnaby Campus
Phone : 778-782-3610
Fax : 778-782-3045
Mobile : 778-840-6434
E-Mail : jpeltier@xxxxxxxxx
Website : http://gruvi.cs.sfu.ca | http://scirf.cs.sfu.ca
MSN : subatomic_spam@xxxxxxxxxxx
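
Added example (not part of the messages above and not Tripwire's own code): a small Python parser for the "Object Summary" section of a text report like the one James posted, which lists each added, removed or modified path with its rule and severity and then separates routine churn from entries worth a look. The sample input is abridged from the report above, and `EXPECTED_PREFIXES` is a hypothetical local policy, not a Tripwire setting.

```python
import re

# Constructed sample: abridged from the Object Summary of the report above.
SAMPLE = '''\
Rule Name: System boot changes (/var/run)
Severity Level: 100
Added:
"/var/run/console/root:1"
Rule Name: System boot changes (/var/log)
Severity Level: 100
Modified:
"/var/log/syslog"
"/var/log/syslog.0"
Rule Name: Root config files (/root)
Severity Level: 100
Modified:
"/root"
Error Report:
1. File system error.
'''

# Assumption: hypothetical local policy for paths that change on every boot/day.
EXPECTED_PREFIXES = ("/var/log/", "/var/run/")

def parse_object_summary(text):
    """Return (rule, severity, change, path) for every object Tripwire lists."""
    findings, rule, severity, change = [], None, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Error Report:"):
            break  # the error section lists missing files, not violations
        m = re.match(r"Rule Name:\s*(.+)", line)
        if m:
            rule, change = m.group(1), None
        elif line.startswith("Severity Level:"):
            severity = int(line.split(":", 1)[1])
        elif line in ("Added:", "Removed:", "Modified:"):
            change = line[:-1]
        elif len(line) > 1 and line[0] == line[-1] == '"' and rule and change:
            findings.append((rule, severity, change, line[1:-1]))
    return findings

def triage(findings, expected=EXPECTED_PREFIXES):
    """Split findings into (expected churn, needs review) by path prefix."""
    noisy = [f for f in findings if f[3].startswith(expected)]
    review = [f for f in findings if not f[3].startswith(expected)]
    return noisy, review

if __name__ == "__main__":
    for rule, sev, change, path in triage(parse_object_summary(SAMPLE))[1]:
        print(f"REVIEW sev={sev} {change}: {path} [{rule}]")
```

Run against the sample, only the modified `/root` entry is left for review; the `/var/log` and `/var/run` entries are filed as expected churn under the assumed policy.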