/etc/passwd Monitoring of Solaris Xymon Clients

On Wed, 10 Apr 2013 11:48:51 +0100, Nick Pettefar <user-2027539dd102@xymon.invalid>
wrote:

Is there an established way of monitoring for /etc/passwd entriy
changes/additions on Solaris servers?

If it is not supposed to change, then you can check an MD5 or SHA1 hash of
the file matches.

See the "FILE" check in analysis.cfg

http://www.xymon.com/xymon/help/manpages/man5/analysis.cfg.5.html#lbAK
http://www.xymon.com/xymon/help/manpages/man5/client-local.cfg.5.html#lbAI

The "xymondigest" tool can calculate the hash for you, if the system
doesn't have a pre-installed MD5/SHA1 hash tool installed.


Regards,
Henrik