2

I'm looking for a way to periodically check a file system tree for permissions that have been set incorrectly.

The context is:

  • this is in an academic compute environment, with students, researchers and overworked sysadmins
  • the focus is not on malicious actors, but rather mistakes made by any of the above
  • existing users/group hierarchy
  • prevention does not have to be immediate, we're thinking of something that can run daily
  • ideally don't want to have to install extra tools such as tripwire
  • don't need a forensic trail to be captured

My hunch is a script that:

  • runs daily via cron
  • runs as a user with read permissions for the entire tree
  • checks that rwx is off for the "all" bits (more rules to be added)

Before I start this, is there an established way to do this that I'm not aware of?

pufferfish
  • You could simply override permissions via `chmod` in a cron script; this way only wrong permissions will get changed. Another approach to set permissions is to set a sticky bit for the parent directory, and this will have priority over the file rights. – Mario Dec 20 '21 at 14:34

1 Answer

3

You want to check AIDE or mtree

More generic list of File integrity monitoring software

AlexD
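
The daily check sketched in the question, as an added example that is not part of the original question or answer: a report-only POSIX shell function that lists every path under a tree with any "other" permission bit set. The function name `audit_other_bits` and the script name in the comments are hypothetical; cron mails whatever the job prints, so a clean tree stays silent.

```shell
#!/bin/sh
# Added example: report every file or directory under a tree that has any
# read/write/execute bit set for "other". Report-only; nothing is changed.

# audit_other_bits ROOT   (hypothetical helper name)
# Prints one "ls -ld" line per offending path.
# Returns 0 if the tree is clean, 1 if offenders were found,
# 2 if ROOT is not a directory or part of the tree could not be read.
audit_other_bits() {
    root=$1
    [ -d "$root" ] || { echo "not a directory: $root" >&2; return 2; }

    # -xdev      : stay on the file system ROOT lives on.
    # ! -type l  : skip symlinks, whose own mode bits carry no meaning.
    # The three -perm tests are the POSIX spelling of GNU find's "-perm /007".
    report=$(find "$root" -xdev ! -type l \
        \( -perm -004 -o -perm -002 -o -perm -001 \) \
        -exec ls -ld {} +)
    find_status=$?

    if [ -n "$report" ]; then
        printf '%s\n' "$report"
        return 1
    fi
    # No offenders seen, but find hit an error (for example an unreadable
    # directory): the result is incomplete, so do not report "clean".
    [ "$find_status" -eq 0 ] || return 2
    return 0
}

# Stand-alone use, e.g. from a daily cron entry:
#   audit.sh /path/to/tree        (script name is hypothetical)
if [ "$#" -ge 1 ]; then
    audit_other_bits "$1"
    exit $?
fi
```

Further rules can be added as extra `find` expressions inside the same function, keeping the 0/1/2 return convention so the cron wrapper does not change.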