Security Basics mailing list archives

Re: Basic Security for RedHat - good


From: Alvin Oga <alvin.sec () Virtual Linux-Consulting com>
Date: Thu, 9 Dec 2004 18:02:01 -0800 (PST)


hi ya jeff

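#!/bin/bash
# work in the directory that holds the previous snapshot (shadow.old)
cd /root/passchk || exit 1
cp -pP /etc/shadow /root/passchk/shadow
# list the account names whose shadow entries differ from the last run
sdiff -s shadow shadow.old | cut -d ":" -f1 > out
if [ -s out ]; then
        /usr/bin/smtpclient -f passwdtest () server domain com -S \
            mail.domain.com -s "account change" test you () domain com < out
fi
mv shadow shadow.old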

exactly... i've been doing that for almost a decade ..
but with just:

  for all important files
  do
        if [ diff /etc/shadow /secret-copy/etc/shadow ];
        then
           turn on the red flag and get to work to see 
           who/what/when/where/why/how things changed
        fi
  done

and similarly for all the other important files 

c ya
alvin
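
The check sketched in the message above, written out as a runnable POSIX shell script (an added example, not code from the thread). It goes slightly beyond the sketch by also flagging missing files and mode/owner changes; the function names, status words and the LIVE_ROOT argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: compare important files against a reference copy kept under
# REF_ROOT at the same path (e.g. /secret-copy/etc/shadow, as in the post).
# Run as root: an unreadable file makes cmp fail and is reported as CHANGED.

# meta FILE -> "mode uid gid", so a chmod/chown is caught even when bytes match
meta() { ls -lnd "$1" | awk '{print $1, $3, $4}'; }

# check_file LIVE REF -> prints one status line and returns 1 if flagged
check_file() {
    live=$1 ref=$2
    if [ ! -e "$ref" ]; then
        echo "NOBASELINE $live"; return 1   # never snapshotted, cannot vouch for it
    elif [ ! -e "$live" ]; then
        echo "MISSING $live"; return 1      # removed since the snapshot
    elif ! cmp -s "$live" "$ref"; then
        echo "CHANGED $live"; return 1      # content differs
    elif [ "$(meta "$live")" != "$(meta "$ref")" ]; then
        echo "PERMS $live"; return 1        # same bytes, different mode or owner
    fi
    return 0
}

# check_tree REF_ROOT LIVE_ROOT FILE... -> returns the number of flagged files
# LIVE_ROOT is "" on a real host; a non-empty value allows testing on a copy.
check_tree() {
    ref_root=$1 live_root=$2; shift 2
    flagged=0
    for f in "$@"; do
        check_file "$live_root$f" "$ref_root$f" || flagged=$((flagged + 1))
    done
    return "$flagged"
}

# Usage: sh fcheck.sh /secret-copy /etc/shadow /etc/passwd /etc/group
if [ "$#" -ge 2 ]; then
    root=$1; shift
    check_tree "$root" "" "$@"
fi
```

The reference copy has to be made with `cp -p` so mode and ownership are preserved, and it is only trustworthy if it is stored where an intruder on the host cannot rewrite it.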

