On 22/04/13 20:53, Ralph Mitchell wrote:
You might want to talk to your security people before copying the
passed file to another system, and you *definitely* should not copy
the shadow file. There are good reasons that file is readable only by
root.
Ralph Mitchell
If you want to monitor changes to the passwd/shadow file, one
way would be to write an ext script. One can get around the OS
recording changes to users by just editing the files directly, so
this would be a bit more foolproof.
You'd need be to keep a copy of the passwd file somewhere else (say
the xymon server itself) and then do a diff against it. Something like:
I've been watching this thread, but maybe I missed it...
Doesn't xymon allow to calculate the MD5 of a file and alert if it is
modified..... I'm pretty sure this is a standard feature. Here it is:
# - "MD5=md5sum", "SHA1=sha1sum", "RMD160=rmd160sum" trigger
a warning
# if the file checksum using the MD5, SHA1 or RMD160
message digest
# algorithms do not match the one configured here. Note:
The "file"
# entry in the client-local.cfg file must specify which
algorithm to use.
Surely this would generate an appropriate alert if the file is
modified... and continue to alert until the xymon config was updated
with the new checksum.
Regards,
Adam
--
Adam Goryachev
Website Managers
www.websitemanagers.com.au