Security Basics mailing list archives

Previous By Date Next
Previous By Thread Next

Re: redhat audit

From: Steve Frank <stevefrankrit () yahoo com>
Date: Tue, 17 Jun 2003 04:25:29 -0700 (PDT)
Matt,

This script will have to be edited to meet your needs,
but take a look at this bash script. This line of a
bash script will run the find command on your system.
In my example I was searching for any files with a
comma although you can change the search criteria to
meet whatever format string you want. Notice the
-mtime 5 tag. This says, return only those files that
have changed within the last 5 days. The -exec tag
will execute a command on any file that meets the
search criteria (i.e. it has been edited within 5
days.) You probably don't want to delete the file like
this script does, but rather record the file's name
and path into another file.

find / -name ",*" -mtime +5 -exec rm -f {} \; echo
"finished with search";

I hope this helps you.

Thanks,

Steve Frank

President of SPARSA
Security Practices and Research Student Association
www.sparsa.org
Rochester Institute of Technology



--- Matthew Sallee <iammatt () holly colostate edu>
wrote:

recently my redhat box was compromised and i'm
auditing changes that were made 
(i didn't notice for several days).

i've been trying to create a command that will allow
me view all the files 
modified in the last x number of days.

i've tried piping ls to grep with minimal success.
any help is greatly 
appreciated...

matt





---------------------------------------------------------------------------

Evaluating SSL VPNs' Consider NEOTERIS, chosen as
leader by top analysts!
The Gartner Group just put Neoteris in the top of
its Magic Quadrant,
while InStat has confirmed Neoteris as the leader in
marketshare.
     
Find out why, and see how you can get plug-n-play
secure remote access in
about an hour, with no client, server changes, or
ongoing maintenance.
          
Visit us at:
http://www.neoteris.com/promos/sf-6-9.htm


----------------------------------------------------------------------------





__________________________________
Do you Yahoo!?
SBC Yahoo! DSL - Now only $29.95 per month!
http://sbc.yahoo.com

---------------------------------------------------------------------------
Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts!
The Gartner Group just put Neoteris in the top of its Magic Quadrant,
while InStat has confirmed Neoteris as the leader in marketshare.
     
Find out why, and see how you can get plug-n-play secure remote access in
about an hour, with no client, server changes, or ongoing maintenance.
          
Visit us at: http://www.neoteris.com/promos/sf-6-9.htm
----------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: