You might want to talk to your security people before copying the passed
file to another system, and you *definitely* should not copy the shadow
file. There are good reasons that file is readable only by root.
Ralph Mitchell
If you want to monitor changes to the passwd/shadow file, one way would
be to write an ext script. One can get around the OS recording changes to
users by just editing the files directly, so this would be a bit more
foolproof.
You'd need be to keep a copy of the passwd file somewhere else (say the
xymon server itself) and then do a diff against it. Something like:
if scp $server:/etc/passwd $BBHOME/secret/$server.passwd.new
then
if
diff $BBHOME/secret/$server.passwd.new $BBHOME/secret/$server.passwd.reference
then
COLOR=green
else
COLOR=red
fi
else
COLOR=red
fi
cheers, Phil
Yes, that's what I've done but management want a copy of them for some
reason or other...
Regards,
Nick Pettefar
On 19 April 2013 14:18, Galen Johnson <user-87f955643e3d@xymon.invalid> wrote:Why not just use the Xymon client's built-in ability to test for file age
and trigger an alert if it changes?
=G=
From: xymon-bounces at xymon.com [xymon-bounces at xymon.com] on behalf of Nick
[user-2027539dd102@xymon.invalid]
Sent: Friday, April 19, 2013 8:00 AM
To: xymon at xymon.com
Subject: [Xymon] Xymon Log Retrieval
Is there a doco anywhere explaining the log file retrieval mechanism?
I want to use Xymon to fetch /etc/passwd files so that I can check for
unwanted/unnoticed changes.
Nick
Dublin