Util that tracks past changes to ext4 filesystem?

Harry Hoffman hhoffman at ip-solutions.net
Fri Aug 31 01:39:08 UTC 2012


So, I know that the Enterprise version of Tripwire will tell you both
the who and the what.

If you're looking to do it on the cheap then there are a few options.

FUNC: https://fedorahosted.org/func/
and specifically func-inventory
https://fedorahosted.org/func/wiki/FuncInventory

This will allow you to track files via git (a versioning app) so you can
see what changed and when.

For the who, you'd want auditd

Cheers,
Harry

On 08/30/2012 09:23 PM, Phil Savoie wrote:
> On 08/30/2012 08:49 PM, Harry Hoffman wrote:
>> Hi Phil,
>>
>> You're looking for Tripwire or one of its open source (aide, I think)
>> variants.
>>
>> It will take a hash of the file to compare later, you can also do file
>> versioning.
>>
>> Cheers,
>> Harry
> 
> Thanks Harry,
> 
> But will this tell me who or what made the change?
> 
> Thanks,
> 
> Phil
> 
> 
> 
> 
>>
>> On 08/30/2012 08:25 PM, Phil Savoie wrote:
>>> Hi All,
>>>
>>> I am interested in finding out if there is a "history" of filesystem
>>> changes that is tracked on a RH system.  Basically, I want to find out
>>> who or what did something to a file to change it in any way, shape or
>>> form.
>>>
>>> Example: I have filex.  filex has a certain content now.  Now+5 file has
>>> been changed.  Is there a util to detect this change, i.e., who or what
>>> changed it?
>>>
>>> Thanks in advance,
>>>
>>> Phil
>>>
>>
> 
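
Added example, not part of the original messages: once auditd has a watch on the file, the "who" comes from joining each event's SYSCALL record (login uid, effective uid, executable) with its PATH records. The watch rule, the key name `filex-watch`, the path `/etc/filex` and the log lines are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample of /var/log/audit/audit.log (not from the thread), as produced by
# an assumed watch rule:  auditctl -w /etc/filex -p wa -k filex-watch
SAMPLE_LOG = '''\
type=SYSCALL msg=audit(1346377148.123:421): arch=c000003e syscall=2 success=yes exit=3 items=1 ppid=2101 pid=2150 auid=500 uid=0 gid=0 euid=0 tty=pts0 ses=3 comm="vim" exe="/usr/bin/vim" key="filex-watch"
type=CWD msg=audit(1346377148.123:421):  cwd="/root"
type=PATH msg=audit(1346377148.123:421): item=0 name="/etc/filex" inode=1234 dev=fd:00 mode=0100644 ouid=0 ogid=0
type=SYSCALL msg=audit(1346377200.500:430): arch=c000003e syscall=2 success=yes exit=4 items=1 ppid=1 pid=3001 auid=4294967295 uid=0 gid=0 euid=0 tty=(none) ses=4294967295 comm="cron-job" exe="/usr/local/bin/cron-job" key="filex-watch"
type=PATH msg=audit(1346377200.500:430): item=0 name="/etc/filex" inode=1234 dev=fd:00 mode=0100644 ouid=0 ogid=0
type=SYSCALL msg=audit(1346377300.000:440): arch=c000003e syscall=2 success=yes exit=3 items=1 ppid=2101 pid=2200 auid=500 uid=500 gid=500 euid=500 tty=pts0 ses=3 comm="cat" exe="/bin/cat" key="other-rule"
'''

HEADER = re.compile(r'^type=(\S+) msg=audit\((\d+)\.\d+:(\d+)\): ?(.*)$')
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')
UNSET_AUID = "4294967295"  # (uint32)-1: no login session, e.g. a daemon or cron

def who_changed(log_text, key):
    """Return one dict per audit event tagged with `key`: when, who, with what, which paths."""
    events = defaultdict(lambda: {"paths": []})
    for line in log_text.splitlines():
        m = HEADER.match(line.strip())
        if not m:
            continue
        rtype, epoch, serial, body = m.groups()
        fields = {k: v.strip('"') for k, v in FIELD.findall(body)}
        ev = events[(int(epoch), int(serial))]   # records of one event share this id
        if rtype == "SYSCALL":
            ev.update(fields)
        elif rtype == "PATH" and "name" in fields:
            ev["paths"].append(fields["name"])
    report = []
    for (epoch, serial), ev in sorted(events.items()):
        if ev.get("key") != key:
            continue
        report.append({
            "time": datetime.fromtimestamp(epoch, timezone.utc).isoformat(),
            "login_uid": None if ev["auid"] == UNSET_AUID else int(ev["auid"]),
            "uid": int(ev["uid"]),
            "exe": ev["exe"],
            "paths": ev["paths"],
        })
    return report

if __name__ == "__main__":
    for row in who_changed(SAMPLE_LOG, "filex-watch"):
        print(row)
```

The `auid` field is the uid the session logged in with, so it still identifies the person after su or sudo; an unset `auid` points at a daemon or scheduled job, which is the "what" rather than the "who".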




More information about the redhat-list mailing list