[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-users] Possible Hack.
- Subject: Re: [cobalt-users] Possible Hack.
- From: Gerald Waugh <gwaugh@xxxxxxxxxxxxxxxxxxxxxxx>
- Date: Sat Feb 8 21:06:01 2003
- Organization: Front Street Networks LLC
- List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>
On Saturday 08 February 2003 23:59, Gerald Waugh wrote:
> On Saturday 08 February 2003 23:30, ISEE Multimedia wrote:
> > > Do you have fcheck installed, and did it say there were changed files?
> >
> > Hi Gerald,
> >
> > It seems that the output of 1 file deleted was during a system crash.
> >
> > When i run last the time correspond with a system crash and reboot.
> >
> > However, im currently installing FCheck and would like some advice on
> > configuration.
> >
> > 1, What directories on the RAQ would you suggest need to be monitored?
>
> In fcheck.cfg
>
> Directory = /usr/
> Directory = /bin/
> Directory = /lib/
> Directory = /root/
> Directory = /boot/
> Directory = /sbin/
> Directory = /etc/rc.d/
> Directory = /tmp/
> Directory = /dev/
>
> > 2, How would I go about adding this to Cron to run daily?
>
> crontab -e
> 32 4 * * * (cd /home/tools/chkrootkit-0.38; ./chkrootkit | mail -s
> "chkrootkit run" admin)
> 35 4 * * * (cd /home/tools/fcheck; ./check-it | mail -s "fcheck output"
> admin)
> 38 4 * * * (cd /home/tools/fcheck; ./build-it | mail -s "fcheck rebuilt"
> admin)
> 07,22,37,52 * * * * /usr/local/etc/logcheck.sh
>
I built a couple of files in fcheck dir
this is ./check-it
#!/bin/sh
./fcheck -adxf .host.domain.tld
this is ./build-it
#!/bin/sh
./fcheck -cadxf .host.domain.tld
echo "rebuilding database"
#chmod 444 data/sol.dbf
> > 3, Would adding this to Cron email me the results? and if not is this
> > possible?
>
> Yes, build a crontab as root, example above.
>
--
http://frontstreetnetworks.com | http://store.raqware.com
Front Street Networks LLC | Phone: 203-785-0699
229 Front Street, Ste #C, New Haven, CT 06513-3203