[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-users] Possible Hack.
- Subject: Re: [cobalt-users] Possible Hack.
- From: Gerald Waugh <gwaugh@xxxxxxxxxxxxxxxxxxxxxxx>
- Date: Sat Feb 8 21:00:00 2003
- Organization: Front Street Networks LLC
- List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>
On Saturday 08 February 2003 23:30, ISEE Multimedia wrote:
> > Do you have fcheck installed, and did it say there were changed files?
>
> Hi Gerald,
>
> It seems that the output of 1 file deleted was during a system crash.
>
> When i run last the time correspond with a system crash and reboot.
>
> However, im currently installing FCheck and would like some advice on
> configuration.
>
> 1, What directories on the RAQ would you suggest need to be monitored?
In fcheck.cfg
Directory = /usr/
Directory = /bin/
Directory = /lib/
Directory = /root/
Directory = /boot/
Directory = /sbin/
Directory = /etc/rc.d/
Directory = /tmp/
Directory = /dev/
> 2, How would I go about adding this to Cron to run daily?
crontab -e
32 4 * * * (cd /home/tools/chkrootkit-0.38; ./chkrootkit | mail -s "chkrootkit
run" admin)
35 4 * * * (cd /home/tools/fcheck; ./check-it | mail -s "fcheck output"
admin)
38 4 * * * (cd /home/tools/fcheck; ./build-it | mail -s "fcheck rebuilt"
admin)
07,22,37,52 * * * * /usr/local/etc/logcheck.sh
> 3, Would adding this to Cron email me the results? and if not is this
> possible?
Yes, build a crontab as root, example above.
Gerald
--
http://frontstreetnetworks.com | http://store.raqware.com
Front Street Networks LLC | Phone: 203-785-0699
229 Front Street, Ste #C, New Haven, CT 06513-3203