
/cyb/ - cyberpunk and cybersecurity

low life. high tech. anonymity. privacy. security.


File: 1539546673872.png (1.29 MB, 1600x900, polybius-listingthumb-01-p….png)

 No.3419

I'm looking at deploying a server soon; I'm going to monitor the file system for any changes.

There is AIDE & Tripwire. I've ruled out Tripwire as it seems to be poorly maintained in favor of their commercial variant.

There are a lot of posts stating that it's best to automate the integrity checking using a cron job.

I personally see this as a risk; automating the check would mean the binary & database would need to be locally stored and/or not stored in an encrypted container.

How does alice go about monitoring changes to their system?

 No.3427

File: 1539778909641.jpg (23.25 KB, 1280x720, secret.jpg)

I really just rsync all my stuff and read the log. Usually there are only a couple changed files so the whole process takes like 5 to 10 seconds. I'm well aware that if this is about thousands of files that change every day this approach makes zero sense, but it works for me anyway.

 No.3456

I assume this is a VPS or similar

in this case whoever owns your server ultimately can, of course, modify something such that your automated system cannot tell, or in such a way that the local checking system doesn't trigger an alarm to you, if they are careful.

a reliable way would be to create, say, a weekly file listing hashes of 'major files' on the system. kernel, libraries, data, config files, what have you. This could be a cron job.

On a separate system you trust, you either sync this file each time and check for hash changes, or you could even hash that file and keep a 'system hash'.

I just don't like the idea of the ultimate monitoring being on the untrusted system.
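The manifest-and-compare workflow described in No.3456, as an added example that is not code from any poster in this thread. The function names (`build_manifest`, `system_hash`, `diff_manifests`, `demo`) and the sample files are constructed for illustration; `build_manifest` is what the cron job on the server would run, and `diff_manifests` runs on the separate trusted machine against the synced copy.

```python
import hashlib
import json
import os
import tempfile


def build_manifest(roots):
    """On the monitored host (e.g. weekly cron): map each file path to its SHA-256."""
    manifest = {}
    for root in roots:
        for dirpath, _dirs, files in os.walk(root):
            for name in files:
                path = os.path.join(dirpath, name)
                if os.path.isfile(path) and not os.path.islink(path):  # regular files only
                    with open(path, "rb") as fh:
                        manifest[path] = hashlib.sha256(fh.read()).hexdigest()
    return manifest


def system_hash(manifest):
    """One digest over the whole manifest (the 'system hash' idea)."""
    return hashlib.sha256(json.dumps(manifest, sort_keys=True).encode()).hexdigest()


def diff_manifests(trusted, current):
    """On the trusted machine: compare the stored baseline with the synced copy."""
    return {
        "added": sorted(current.keys() - trusted.keys()),
        "removed": sorted(trusted.keys() - current.keys()),
        "changed": sorted(p for p in trusted.keys() & current.keys()
                          if trusted[p] != current[p]),
    }


def demo():
    """Constructed sample tree standing in for a server's 'major files'."""
    with tempfile.TemporaryDirectory() as root:
        def write(name, data):
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        write("sshd_config", b"PermitRootLogin no\n")
        write("libfoo.so", b"\x7fELF constructed")
        baseline = build_manifest([root])
        write("sshd_config", b"PermitRootLogin yes\n")  # simulated change
        write("cron.new", b"constructed new file")
        os.remove(os.path.join(root, "libfoo.so"))
        current = build_manifest([root])
        report = diff_manifests(baseline, current)
        names = {k: [os.path.basename(p) for p in v] for k, v in report.items()}
        return names, system_hash(baseline) != system_hash(current)
```

The baseline manifest and the comparison live only on the trusted machine; the manifest generated on the server is still produced by a host that may be compromised, which is the limit the post above points out.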


