[sllug-members]: Finding what process modifies files?
Mike Bourgeous
i_am_nitrogen at hotmail.com
Mon Jan 8 19:37:18 MST 2007
Group and permissions are probably being changed by a security daemon
running, either through init or cron. Check for one or more of those.
There are "nasty" little daemons out there that will chmod and chown
everything in /usr/bin and other folders to what they feel is most secure,
which is good for some cases, and bad for yours.
Mike Bourgeous
>From: Mitch Anderson <mitch at metauser.net>
>Reply-To: Salt Lake Linux Users Group Discussions <sllug-members at sllug.org>
>To: Salt Lake Linux Users Group Discussions <sllug-members at sllug.org>
>Subject: Re: [sllug-members]: Finding what process modifies files?
>Date: Mon, 08 Jan 2007 19:08:19 -0700
>
>Depending on what release of Red Hat you have, auditd (rhel4+) or laus in
>rhel3.
>
>I'm not that familiar with either at this point other than laus is
>buggy, and I'm glad it was replaced in rhel4. Some resources for
>rhel4's auditd can be found here:
>
>http://people.redhat.com/sgrubb/audit/
>
>He also has some really cool graphing scripts for the audit daemon.
>
>Marc Christensen wrote:
> > Hey, I'm trying to find what process is modifying some files owned by an
> > RPM I wrote. After a mystery process runs, some groups and
> > permissions on the RPM's files and directories have changed; however, I
> > don't know when or what process is doing the changing.
> >
> > I looked into fam and fileschanged which tells me that the files are
> > changing but not which process is doing the modification.
> >
> > Does anyone know of a utility that possibly uses fam or similar file
> > alteration monitor to report which processes are doing the changing?
> >
> > Thanks.
> >
> > --
> > Marc Christensen
> > http://blog.mecworks.com
> > ______________________________________________________________________
> > See http://www.sllug.org/ for latest SLLUG news, information, links.
> > Join SLLUG and other UT LUG members on irc.FreeNode.net channel #Utah
> > sllug-members at sllug.org
> > http://www.sllug.org/cgi-bin/mailman/listinfo/sllug-members
>
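Added example, not part of the original thread: one way to get from the audit daemon suggested above to "which process changed my files" is to correlate the SYSCALL and PATH records that share an audit event id. The watch rule in the comment, the path /opt/mypkg, the key rpm-perm-watch, the daemon name permfixd and all log lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample records in audit.log format (not from a real host).
# They assume a watch was loaded with:
#   auditctl -w /opt/mypkg -p a -k rpm-perm-watch
# where /opt/mypkg and the key name are hypothetical.
SAMPLE_LOG = '''\
type=SYSCALL msg=audit(1168310238.123:4567): arch=c000003e syscall=90 success=yes exit=0 ppid=1 pid=2345 uid=0 gid=0 comm="permfixd" exe="/usr/sbin/permfixd" key="rpm-perm-watch"
type=PATH msg=audit(1168310238.123:4567): item=0 name="/opt/mypkg/bin/tool" inode=1311 mode=0100750 ouid=0 ogid=0
type=SYSCALL msg=audit(1168310240.500:4570): arch=c000003e syscall=2 success=yes exit=3 ppid=900 pid=901 uid=500 gid=500 comm="cat" exe="/bin/cat" key="other-watch"
type=PATH msg=audit(1168310240.500:4570): item=0 name="/etc/hosts" inode=77 mode=0100644 ouid=0 ogid=0
type=SYSCALL msg=audit(1168310299.010:4581): arch=c000003e syscall=92 success=yes exit=0 ppid=1 pid=2345 uid=0 gid=0 comm="permfixd" exe="/usr/sbin/permfixd" key="rpm-perm-watch"
type=PATH msg=audit(1168310299.010:4581): item=0 name="/opt/mypkg/etc" inode=1290 mode=040755 ouid=0 ogid=10
'''

HEADER = re.compile(r'^type=(\S+) msg=audit\((\d+\.\d+):(\d+)\):\s*(.*)$')
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def attribute_changes(log_text, key):
    """Return one dict per audit event tagged with `key`, naming the process."""
    events = defaultdict(lambda: {"paths": []})
    order = []  # preserve the order in which events first appear
    for line in log_text.splitlines():
        m = HEADER.match(line)
        if not m:
            continue  # skip truncated or foreign lines
        rtype, stamp, serial, body = m.groups()
        fields = {k: v.strip('"') for k, v in FIELD.findall(body)}
        event_id = (stamp, serial)  # records of one event share this id
        if event_id not in events:
            order.append(event_id)
        ev = events[event_id]
        if rtype == "SYSCALL":  # carries the acting process
            ev.update(time=float(stamp), pid=int(fields["pid"]),
                      ppid=int(fields["ppid"]), syscall=int(fields["syscall"]),
                      comm=fields.get("comm"), exe=fields.get("exe"),
                      key=fields.get("key"))
        elif rtype == "PATH" and "name" in fields:  # carries the touched file
            ev["paths"].append(fields["name"])
    return [events[e] for e in order if events[e].get("key") == key]

if __name__ == "__main__":
    for ev in attribute_changes(SAMPLE_LOG, "rpm-perm-watch"):
        print(ev["time"], ev["exe"], "pid", ev["pid"],
              "syscall", ev["syscall"], "->", ", ".join(ev["paths"]))
```

On a live system, ausearch -k with the same key performs this correlation against the real log; on x86_64, syscall 90 is chmod and 92 is chown.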