
Since Linux is vulnerable to a number of similar vulnerabilities as Windows, I'm trying to find a daemon that catalogs and alerts me/user of any and all file changes as well as file additions. Is there one out there or do I have to make one of my own?

Miphix

1 Answer


What you want is an intrusion detection system. I've used AIDE comfortably for a while; it can send a daily e-mail report with changes to files for you to review.

http://aide.sourceforge.net/

Another possibility is Samhain; I just found it by doing apt-cache search intrusion.

These are only two choices, but there are many more, so you will likely not need to roll out your own.

Oh, and there's also Tripwire, the granddaddy of all these pieces of software, though it appears to have gone "freemercial": http://www.tripwire.org/

roadmr
  • Note that while the ID in AIDE stands for Intrusion Detection, this is not what's typically meant by "intrusion detection system". The AIDE project page describes it as "a file and directory integrity checker," which is a better description than "intrusion detection system." – Eliah Kagan Aug 21 '14 at 13:22
  • Right, a real IDS is something more akin to snort. Thanks for clarifying. – roadmr Aug 21 '14 at 16:14