Joined: 26 Aug 2009 Posts: 4309 Location: Tampa, FL
Posted: Sat 01 May 2010, 23:29 Post_subject:
Fcheck - Filesystem Baseline Integrity Checker Sub_title: TripWire-style IDS
This is a perl script that can tell you when files change on your filesystem. It doesn't need any perl modules so it's quite small.
First edit /usr/local/admtools/conf/fcheck.cfg to set up what files you want to monitor.
Then run 'fcheck -ac' to create the initial snapshot.
Then you can run 'fcheck -a' at any time to see if anything has changed.
The script is quite configurable and useful. It also comes in handy for debugging and development work. You could, for instance, use it to find out exactly what's changed in a remaster compared to the original base system.