Monitoring the filesystem with RPM
The main filesystem monitoring tool available in CentOS is the RPM database. This database is maintained by the package management tool, RPM. Every file installed from an RPM package is tracked in this database. You can compare the information in the database to the actual files on the filesystem to generate a report of the differences. Some of the differences found indicate valid changes made by the system administrator, but any unexplained differences might be evidence of an intrusion.

The main benefit of using RPM is that every CentOS system comes with an RPM database that is automatically kept up-to-date as you install and uninstall software; you don't need to do anything to maintain the database.

The RPM command includes a mode of operation that lets you verify your installed packages, which you invoke with the -V parameter. You can verify a single package with this command:

    rpm -V <package name>

You can verify a single file with this command:

    rpm -V -f <file name>

You can also verify all installed packages with the rpm -Va command. You should expect some changes when you run a verify command, and the report provides some information to help determine if the change requires further investigation. Listing 9-10 shows some examples of the output you might receive on a typical CentOS server.

Listing 9-10. Sample rpm -Va output

    S.5....T  c /etc/yum.conf
    ....L...  c /etc/pam.d/system-auth
    missing     /usr/share/mimelnk/application/pdf.desktop
    S.5....T    /usr/share/icons/hicolor/icon-theme.cache

The first two lines are marked with a c, which indicates that they are configuration files. You can expect configuration files to change, so you can ignore these safely. This column can also contain other codes to indicate documentation and license files. Table 9-3 shows the possible file codes and what they mean.
CHAPTER 9 ADVANCED SECURITY
Table 9-3. Verify File Type Codes
Code  Type of file represented
c     Configuration file
d     Documentation file
g     Ghost file with no contents
l     License file
r     Read me file
The next line of output is marked with the word missing, which indicates that the file is missing from the filesystem. Missing files can indicate an intrusion, an accidental deletion by the administrator, or a poorly packaged application. The output doesn't explain why the file is missing, but in this case a packaging conflict with a third-party PDF viewer is suspected. Typically, you can restore a missing file by reinstalling the appropriate package, as I will demonstrate later in this chapter. It might also be a sign of intrusion if system or security files are missing without an explanation. I'll also cover what this might look like and how you might recover from it later in this chapter.

The last file listed is a cache file, which you can also expect to change from time to time.

The verify command displays a summary of changed attributes when it detects a change in a file. A number of letters and symbols indicate the different attributes that the RPM database tracks. The first and last files listed in Listing 9-10 show the codes S, 5, and T. These codes indicate changes in the file size, the MD5 checksum, and the timestamp. These three codes are typical of a normal file change, but they can still be cause for concern. As with the other examples, I will cover how some of these changes might have more security significance than others. For example, U, G, and M signify changes to the user, group, and file permissions, all of which are significant changes. On the flip side, changes to timestamps don't typically indicate a problem. You can find the complete list of codes in Table 9-4.

Table 9-4. Verify Attribute Codes
Code  Type of change represented
S     Size of the file has changed
M     File mode or permissions have changed
5     MD5 checksum has changed
D     Device node has changed
L     Symbolic link has changed
U     User ownership has changed
G     Group ownership has changed
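
A triage filter for the rpm -Va report described above, as an added example that is not part of the original text. The severity labels (REVIEW, CHECK, EXPECTED), the function names, and the last two sample lines are assumptions made for illustration; the first four sample lines are from Listing 9-10.

```shell
#!/bin/sh
# Added example: sort `rpm -Va` output by how much attention each line needs.
# On a real host: rpm -Va | triage_rpm_verify

triage_rpm_verify() {
    awk '
    {
        flags = $1; type = "-"; first = 2
        # A one-letter file code from Table 9-3 may sit between flags and path.
        if (NF >= 3 && $2 ~ /^[cdglr]$/) { type = $2; first = 3 }
        path = $first
        for (i = first + 1; i <= NF; i++) path = path " " $i

        if (flags == "missing")     level = "REVIEW"    # file gone from disk
        else if (flags ~ /[MUG]/)   level = "REVIEW"    # mode, user or group changed
        else if (type == "c")       level = "EXPECTED"  # config files get edited
        else if (flags ~ /[S5DL]/)  level = "CHECK"     # content changed, not a config file
        else                        level = "EXPECTED"  # for example, timestamp only
        printf "%-8s %-9s %s %s\n", level, flags, type, path
    }'
}

# Sample input: first four lines from Listing 9-10, last two constructed.
sample_rpm_va() {
    cat <<'EOF'
S.5....T  c /etc/yum.conf
....L...  c /etc/pam.d/system-auth
missing     /usr/share/mimelnk/application/pdf.desktop
S.5....T    /usr/share/icons/hicolor/icon-theme.cache
.M......    /usr/sbin/example-daemon
.......T  d /usr/share/doc/example/README
EOF
}

sample_rpm_va | triage_rpm_verify
```

Ownership and permission changes are flagged even on configuration files, which is a stricter choice than ignoring every line marked c.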