Friday, August 25, 2006

Tripwire Script

Here's a fun little tripwire script I whipped out this afternoon:

#!/bin/sh
cd /tmp
# Build the current file list. stderr is dropped from find itself (not from grep)
# so unreadable directories do not pollute the snapshot; /proc changes constantly
# and is skipped.
find / 2> /dev/null | grep -v '^/proc' > tripwire0
# Lines only in the old list (<) are deletions, lines only in the new list (>) are additions.
diff tripwire1 tripwire0 | grep '^[<>]' > tripwire3
sed -e 's/^</del/' -e 's/^>/add/' tripwire3
# Rotate the baseline: clear the immutable flag, replace it, lock it again.
chattr -i tripwire1; mv -f tripwire0 tripwire1
chattr +i tripwire1
exit 0

Run this from a cron job and you get a list of every file that has been added to or deleted from the system since the last run. It is deliberately calibrated to ignore the dynamic nature of /proc. Beware of transient mounts!
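The same snapshot-and-diff idea, rewritten as an added example (this is not the post's script) with the rough edges a cron job runs into: the first run has no baseline to diff against, pseudo-filesystems other than /proc (/sys, /dev) are just as noisy, and a second sorted listing lets comm report additions and deletions without the diff/grep/sed chain. The function and file names (snapshot_tree, compare_snapshots, tripwire_run, the STATE/baseline and STATE/current files, the TRIPWIRE_IMMUTABLE switch) are my own; it assumes only a POSIX sh with find, sort and comm, and chattr when immutability is turned on.

```shell
#!/bin/sh
# Added example: baseline-driven tripwire. Usage: sh tripwire.sh --run / /var/lib/tripwire
# All names below are assumptions of this example, not the original post's.

# Sorted listing of every path under ROOT. Pseudo-filesystems are pruned because
# their contents change on every run, and STATE is pruned so the tripwire's own
# files never show up as "added". Errors are dropped from find itself, so an
# unreadable directory produces no noise in the snapshot.
snapshot_tree() {
    root=$1; state=$2; out=$3
    find "$root" \( -path /proc -o -path /sys -o -path /dev -o -path "$state" \) -prune \
        -o -print 2>/dev/null | LC_ALL=C sort > "$out"
}

# One line per change: "add PATH" for paths only in NEW, "del PATH" for paths
# only in OLD. comm requires both inputs sorted under the same collation.
compare_snapshots() {
    old=$1; new=$2
    LC_ALL=C comm -13 "$old" "$new" | sed 's/^/add /'
    LC_ALL=C comm -23 "$old" "$new" | sed 's/^/del /'
}

# Linux-only: mark the baseline immutable so a file-write on the host cannot
# quietly rewrite the reference list. Off unless TRIPWIRE_IMMUTABLE=1, because
# it needs root and an ext-style filesystem.
lock_baseline()   { [ "${TRIPWIRE_IMMUTABLE:-0}" = 1 ] && chattr +i "$1"; return 0; }
unlock_baseline() { [ "${TRIPWIRE_IMMUTABLE:-0}" = 1 ] && [ -f "$1" ] && chattr -i "$1"; return 0; }

# One cron cycle: snapshot ROOT into STATE/current, report against
# STATE/baseline, then promote current to baseline. On the very first run
# there is nothing to compare, so it only records the baseline.
tripwire_run() {
    root=$1; state=$2
    mkdir -p "$state"
    snapshot_tree "$root" "$state" "$state/current"
    if [ -f "$state/baseline" ]; then
        compare_snapshots "$state/baseline" "$state/current"
    else
        echo "baseline recorded, nothing to compare yet" >&2
    fi
    unlock_baseline "$state/baseline"
    mv -f "$state/current" "$state/baseline"
    lock_baseline "$state/baseline"
}

# Only run when invoked explicitly, so sourcing the file just defines the functions.
if [ "${1:-}" = "--run" ]; then
    tripwire_run "${2:-/}" "${3:-/var/lib/tripwire}"
fi
```

Two design points worth noting: the state directory is pruned from the listing because the original's /tmp files are visible to the very find that lists them, and LC_ALL=C is forced on both sort and comm, since a locale-dependent sort order on one side and not the other makes comm report spurious changes.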
