Home page logo
/

basics logo Security Basics mailing list archives

Re: Basic Security for RedHat - good
From: Alvin Oga <alvin.sec () Virtual Linux-Consulting com>
Date: Thu, 9 Dec 2004 18:02:01 -0800 (PST)


hi ya jeff

#!/bin/bash
cp -pP /etc/shadow /root/passchk/shadow
sdiff -s shadow shadow.old | cut -d ":" -f1 > out
if [ -s out ]; then
        /usr/bin/smtpclient -f passwdtest () server domain com -S
mail.domain.com -s "account change" test you () domain com < out
        fi
mv shadow shadow.old

exactly... i've been doing that for almost a decade ..
but with just:

  for all important files
  do
        if [ diff /etc/shadow /secret-copy/etc/shadow ];
        then
           turn on the red flag and get to work to see 
           who/what/when/where/why/how things changed
        fi
  done

and similarly for all the other important files 

c ya
alvin


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault