I have a WAR file that is deployed to an older Weblogic instance. My management is concerned about the application being hacked and files (especially JSPs) being changed.
What solutions exist for auditing changes to files in a deployed WAR? More to the point, how do I audit the files once they are exploded from that WAR?
These files are no different than any others. Just save SHA2 checksums of the known-good files and then compare as needed with the checksums of the deployed files.
You can untar the two wars in two different locations/folder and then run a rsync dry run command to check if thrs any difference in the files.
