syscheck - Checks your files to see what has changed
ChangeLog
| Web site: | http://www.ossec.net/syscheck/ |
HOWTO
# syscheck 0.3
# ============
cd
test -f installed/syscheck-0.3.tar.gz && mv installed/syscheck-0.3.tar.gz .
test ! -f syscheck-0.3.tar.gz &&
wget http://www.ossec.net/syscheck/files/syscheck-0.3.tar.gz
# Verify tarball w/ md5sum:
echo "0ca011e829b493c1e58091736b8d1df3 syscheck-0.3.tar.gz" | md5sum -c
mkdir -p -m 0700 src
cd src
find -maxdepth 1 -type d -name "syscheck-*" -exec rm -r {} \;
tar xzvf ~/syscheck-0.3.tar.gz
cd syscheck-0.3
test $UID = 0 && chown -R root:root .
chmod -R u+w .
# "Builded" -> "Built", "Scannig" -> "Scanning":
wget -nc http://englanders.cc/pub/linux/patches/syscheck-0.3.patch &&
patch -p1 < syscheck-0.3.patch
make -f Makefile.example
# Create an initial sample configuration (required by 'make ... install'
# below). This one is probably most appropriate to be run locally and from
# cron periodically. For more info about what to put in here, see the two
# samples in ./conf/ and look at the ./README
cat > conf/syscheck.config <<EOF
term = n
syslog = y
daemon = n
chkdir = /sbin/,/bin/,/etc/,/usr/local/sbin/,/usr/local/bin/
EOF
# Become root to install and configure it
su
make -f Makefile.example install
# Create the database:
/usr/local/syscheck/syscheck start
# Check files on your system against the database:
/usr/local/syscheck/syscheck
# If you want to keep the database on a remote (secure) server, modify the
# config file (/usr/local/syscheck/syscheck.config) to look like
# conf/syscheck-remote.config in the source. scp the config file to the
# remote server, then syscheck will read it remotely. See the source's
# README for more info.
# You can run it by hand, run it from cron, or have it run as a daemon
# (see the config file).
# To set up an hourly cron job (if you have the
# /etc/cron.(hourly|daily|weekly|monthly directories set up):
echo '#!/bin/sh' > /etc/cron.hourly/syscheck.sh
echo '/usr/local/syscheck/syscheck' >> /etc/cron.hourly/syscheck.sh
chmod 700 /etc/cron.hourly/syscheck.sh
# Become yourself again
exit
cd
mkdir -p -m 0700 installed
rm -f installed/syscheck-*.tar.*
mv syscheck-0.3.tar.gz installed/
List of HOWTOs
Web page itself last updated: 2023-12-20 8:06pm (EDT -0400)
HOWTO last updated: 2005-07-22 1:47pm
Copyright © 2001-2024 Jason Englander. All Rights reserved.
HOWTO last updated: 2005-07-22 1:47pm
Copyright © 2001-2024 Jason Englander. All Rights reserved.
![[HTML5]](HTML5_Logo_64-black.png){kind=logo}
