7.9 Monitoring files
Almost all of the security programs available are for monitoring
file integrity. Cfengine also incorporates tools for monitoring
files. Here are some of the elements in the fairly complex files
In addition to these, there are extra flags for BSD filesystems and
ways of managing file ACLs on systems like NT.
Here are some examples of basic checks on file permissions:

    classes:
      # Define a class of hosts based on a test...
      have_shadow = ( `/bin/test -f /etc/shadow` )
      NFSservers  = ( server1 server2 )

    files:
      have_shadow::
        /etc/passwd mode=0644 o=root g=other action=fixplain
        /etc/shadow mode=0400 o=root g=other action=fixplain

      # Takes a while so do this at midnight and only on servers
      Hr00.NFSservers::
        /  mode=-0002 recurse=inf action=warnall   # Check no files are writable!

In the first two lines the mode is an exact requirement, and
action=fixplain makes cfengine correct plain files that do not match
it. A leading minus, as in mode=-0002, instead names bits that must be
absent: here the world-write bit. With action=warnall the result is
only reported, so nothing is changed on the file system during the
sweep.

In the last example we walk a whole file system (recurse=inf)
and as a result we get a number of checks for free. Any previously
unknown setuid programs are reported, as well as any suspicious
filenames (see below).
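The following is an added example, not code from the cfengine tutorial or
from cfengine itself: a small Python re-implementation of what the files
stanzas above check, so that the semantics of an exact mode, a forbidden
mode (mode=-0002), fix versus warn, and the extra findings of a recursive
sweep can be run and inspected offline. The sample tree it builds is
constructed in a temporary directory, and the suspicious-name heuristic is
this example's own approximation, not cfengine's exact rule table.

```python
"""Added example, not code from the cfengine tutorial: a Python
re-implementation of what a cfengine 2 'files' stanza checks.

Conventions mirrored from cfengine (everything else is the example's own):
  * mode=0400        -> the permission bits must equal 0400
  * mode=-0002       -> these bits must be ABSENT (minus = forbidden)
  * action=fixplain  -> correct the mode; warnplain/warnall -> report only
  * recurse=inf      -> walk the whole subtree
"""
import os
import pwd
import stat
import tempfile


def check_plain(path, mode, owner=None, fix=False):
    """Equivalent of '<path> mode=<mode> o=<owner> action=fix|warnplain'.
    Returns (status, previous_mode); status is 'ok', 'fixed' or 'warn'."""
    st = os.lstat(path)
    actual = stat.S_IMODE(st.st_mode)
    problem = actual != mode
    if owner is not None and pwd.getpwuid(st.st_uid).pw_name != owner:
        problem = True           # ownership is reported, never chown'ed here
    if not problem:
        return ("ok", actual)
    if fix and actual != mode:
        os.chmod(path, mode)     # the 'fixplain' half: repair the bits
        return ("fixed", actual)
    return ("warn", actual)


def is_suspicious_name(name):
    """Names that hide from 'ls' or mimic . and .. (example's own heuristic)."""
    if name.strip(". ") == "":                        # e.g. '...', '.. ', '. '
        return True
    return any(ord(c) < 32 or ord(c) == 127 for c in name)   # control chars


def audit_tree(root, forbid=0o002):
    """Equivalent of '<root> mode=-<forbid> recurse=inf action=warnall'.
    Besides the forbidden-bits check, the walk reports setuid/setgid
    programs and suspicious names: the 'checks for free' of a full sweep."""
    findings = {"writable": [], "setuid": [], "suspicious": []}
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
            except OSError:
                continue
            if stat.S_ISLNK(st.st_mode):
                continue                  # symlink mode bits carry no meaning
            if stat.S_IMODE(st.st_mode) & forbid:
                findings["writable"].append(path)
            if stat.S_ISREG(st.st_mode) and st.st_mode & (stat.S_ISUID | stat.S_ISGID):
                findings["setuid"].append(path)
            if is_suspicious_name(name):
                findings["suspicious"].append(path)
    return findings


def build_demo_tree():
    """Constructed sample file system in a temporary directory (not real host data)."""
    root = tempfile.mkdtemp(prefix="cfdemo_")
    layout = {                  # relative path -> mode
        "etc/passwd": 0o644,
        "etc/shadow": 0o644,    # wrong: the stanza above wants 0400
        "tmp/scratch": 0o666,   # world-writable, caught by mode=-0002
        "bin/su": 0o4755,       # setuid program, reported by the sweep
        "tmp/...": 0o644,       # suspicious name
    }
    for rel, mode in layout.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write("x\n")
        os.chmod(path, mode)    # explicit, so the caller's umask does not matter
    for d in ("etc", "tmp", "bin"):
        os.chmod(os.path.join(root, d), 0o755)
    return root


if __name__ == "__main__":
    root = build_demo_tree()
    print("shadow:", check_plain(os.path.join(root, "etc/shadow"), 0o400, fix=True))
    for kind, paths in audit_tree(root).items():
        print(kind, [os.path.relpath(p, root) for p in paths])
```

Run it as an ordinary user; the setuid bit on the sample file is set by
chmod alone and needs no privilege. The owner check is deliberately
report-only, matching the caution of action=warnall: changing ownership
across a whole file system is not something to do from a sweep.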