1

OS=debian

I have several sites and two users who work on them and sometimes update.

Instead of enabling/disabling the users when the site goes live, I trust them and assume they won't break my site.

However, hackers do exist, so I would like an app to alert me when there are changes (I plan to watch all sites that have gone live) so I can check what files are changed and look at vandalism on the site(s).

The tool should preferably email me.

Bonus if it can tell me when my HD is getting low, but I expect to use another tool for that.

5 Answers

3

You probably want a host-based intrusion detection system (IDS) like Tripwire, since your intent is security. This will generate checksums of files based on the contents. If a file changes, the next time it is scanned the checksum will differ and it will alert you that the file has changed.

You may have noticed that some programs you download contain an MD5 hash near the link. This is so you can verify the file integrity. The principle with Tripwire is the same.

Kyle Brandt
  • I found [this](https://www.digitalocean.com/community/tutorials/how-to-use-tripwire-to-detect-server-intrusions-on-an-ubuntu-vps) a useful resource when setting up tripwire. – ringmaster Apr 16 '15 at 15:00
1

If you are using Linux, incron will watch files in directories you designate or inotifywait can watch files recursively. Any action can be taken when there are changes.

Dennis Williamson
1

You want AIDE - an intrusion detection system. It scans the directories you tell it to, to build up a database of MD5 hashes. Then you run it regularly, or on demand, to create another DB which it compares to the original. Differences are reported to you. Then you can make the new DB into the baseline and repeat.

You don't have to check file changes, it'll report on permission updates and other items as well. The report it produces is a text file that can be emailed after a run - google for examples.

It's free and OSS.

gbjbaanb
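The baseline-and-compare cycle that the Tripwire and AIDE answers describe, as an added example that is not part of any answer and is not code from either tool. It hashes with SHA-256 rather than MD5, and the function names and the sample files are made up for illustration.

```python
import hashlib
import stat
import tempfile
from pathlib import Path

def snapshot(root):
    """Map each regular file under root to (SHA-256 hex digest, permission bits)."""
    db = {}
    for path in Path(root).rglob("*"):
        st = path.lstat()
        if not stat.S_ISREG(st.st_mode):
            continue  # skip directories, symlinks, sockets and device nodes
        digest = hashlib.sha256()
        with path.open("rb") as fh:
            for chunk in iter(lambda: fh.read(65536), b""):
                digest.update(chunk)
        db[str(path.relative_to(root))] = (digest.hexdigest(), stat.S_IMODE(st.st_mode))
    return db

def compare(baseline, current):
    report = {"added": [], "removed": [], "modified": [], "mode_changed": []}
    for path in sorted(set(baseline) | set(current)):
        if path not in baseline:
            report["added"].append(path)
        elif path not in current:
            report["removed"].append(path)
        else:
            if baseline[path][0] != current[path][0]:  # content hash differs
                report["modified"].append(path)
            if baseline[path][1] != current[path][1]:  # permission bits differ
                report["mode_changed"].append(path)
    return report

def demo():
    """Constructed sample site: take a baseline, change four things, re-scan."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for name in ("index.php", "style.css", "old.txt"):
            (root / name).write_bytes(b"original " + name.encode())
            (root / name).chmod(0o644)
        baseline = snapshot(root)
        (root / "index.php").write_bytes(b"edited")  # content change
        (root / "style.css").chmod(0o666)            # permission change only
        (root / "old.txt").unlink()                  # deletion
        (root / "upload.php").write_bytes(b"new")    # new file
        return compare(baseline, snapshot(root))

if __name__ == "__main__":
    print(demo())
```

The baseline only means something if it is stored where the accounts that can write to the site cannot modify it; otherwise whoever changes the files can refresh the baseline too.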
0

Not sure whether this is a Linux question. If it is, you can use basically any tool that interfaces with the inotify subsystem of the Linux kernel. Such as, for example, iwatch: http://iwatch.sf.net

unixtippse
-1

For my websites I use https://monitorwebsitefilechanges.cloud/

I prefer it compared to tripwire because it is simple to install (just copy a file) and does not require administrator skills or root privileges.

It is also the only script/IDS I found that works with cheap hosting (Linux/Windows) without SSH access and without cron.