
Re: Tracking changes made by installation of software



MallarJ@aol.com:
> > > allows admins to prevent users from making incorrect modifications
> > > where they shouldn't be.

Jiri:
> >  Why aren't you setting permissions appropriately?
...
> This doesn't have anything to do with my system, I'm just reporting on what
> tripwire does.  I don't have permission problems, but a sysadmin might -
> considering he might have several users with root privileges - or users
> with enough access to change certain important files. 

OK.

I think that if you don't trust your fellow sysadmins you've got bigger
problems than config files, though. You shouldn't give ordinary users root
access (I can see how it might happen, but it shouldn't).

> >  Actually, a simple version shouldn't be difficult at all - if you
> >  start with the `find and diff' idea, but put a checksum next to each
> >  of the files, then you'll have a list of files added, files removed
> >  and files changed. For the changed files, you compare them with an
> >  archive version using diff again.
> >  
> 
> You're right, this isn't a major undertaking - just trying to prevent
> duplication of code that might already be in existence.  The find and diff
> idea is the exact approach I plan on using.

You can use md5 for checksums - I think I meant to say that, but obviously
didn't. While it's probably a bit of an overkill, it already exists.

Hmm, first pass at getting the list would be
	find /etc -exec md5sum {} \;
because md5sum outputs the name of the file. You might want to make use of
xargs to avoid invoking md5sum all the time, but I've never tried that.

However, you *will* want to do something to keep track of softlinks. So I
guess write a perl script to take each argument, if it's an ordinary file
pass it to md5sum, if it's a softlink print it out.


Jiri
-- 
<jiri@baum.com.au>
We'll know the future has arrived when every mailer transparently
quotes lines that begin with "From ", but no-one remembers why.
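
The checksum-manifest approach discussed in this message, as an added example that is not part of the original post: it records an md5sum for each regular file and the link target for each softlink, then reports files added, removed and changed between two snapshots. The function names (snapshot, compare, demo) and the sample tree are constructed for illustration; file names are assumed to contain no tabs, newlines or backslashes.

```shell
#!/bin/sh
# snapshot DIR: print "path<TAB>md5:<sum>" for regular files and
# "path<TAB>link:<target>" for softlinks, sorted by path.
snapshot() {
    (
        cd "$1" || exit 1
        # "{} +" batches many files per md5sum run, as xargs would
        find . -type f -exec md5sum {} + |
            awk '{ sum = $1; sub(/^[^ ]+ [ *]/, ""); print $0 "\tmd5:" sum }'
        # softlinks are recorded by target and never followed
        find . -type l | while IFS= read -r l; do
            printf '%s\tlink:%s\n' "$l" "$(readlink "$l")"
        done
    ) | LC_ALL=C sort
}

# compare OLD NEW: print "added|removed|changed<TAB>path" between two snapshots
compare() {
    awk -F '\t' '
        FILENAME == ARGV[1] { old[$1] = $2; next }
        !($1 in old)        { print "added\t" $1; next }
        old[$1] != $2       { print "changed\t" $1 }
                            { delete old[$1] }
        END { for (p in old) print "removed\t" p }
    ' "$1" "$2" | LC_ALL=C sort
}

# demo: constructed sample tree standing in for /etc
demo() {
    t=$(mktemp -d) && mkdir "$t/etc" || return 1
    echo "127.0.0.1 localhost" > "$t/etc/hosts"
    echo "old" > "$t/etc/motd"
    ln -s hosts "$t/etc/hosts.link"
    snapshot "$t/etc" > "$t/before"
    echo "10.0.0.5 build" >> "$t/etc/hosts"   # changed file
    rm "$t/etc/motd"                          # removed file
    ln -sf motd "$t/etc/hosts.link"           # retargeted softlink
    echo "x" > "$t/etc/new.conf"              # added file
    snapshot "$t/etc" > "$t/after"
    compare "$t/before" "$t/after"
    rm -rf "$t"
}

demo
```

Files reported as changed can then be compared against an archived copy with diff, as the message suggests.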

