June 2003
Intermediate to advanced
336 pages
8h 54m
English
Content preview from Linux Security CookbookBecome an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
Start your free trial
1.9. Automated Integrity Checking
Problem
You want to schedule integrity checks at specific times or intervals.
Solution
Use cron. For example, to perform an integrity check every day at 3:00 a.m.:
root's crontab file:
0 3 * * * /usr/sbin/tripwire --checkDiscussion
This is not a production-quality recipe. An intruder could compromise cron, substituting another job or simply preventing yours from running. For more reliability, run the cron job on a trusted remote machine:
Remote crontab entry on trusty:
0 3 * * * ssh -n -l root trippy /usr/sbin/tripwire --checkbut if an intruder compromises sshd on trippy, you’re again
out of luck. Likewise, some
rootkits [Recipe 9.12] can subvert the exec call
to tripwire even if invoked remotely. For maximum
security, run not only the cron job but also the integrity check on a
trusted remote machine. [Recipe 1.8]
Red Hat Linux comes preconfigured to
run tripwire every night via the cron job
/etc/cron.daily/tripwire-check. However, a
Tripwire database is not supplied with the operating system: you must
initialize one yourself. [Recipe 1.1] If you
don’t, cron will send daily email
to root about a failed tripwire invocation.
See Also
tripwire(8), crontab(1), crontab(5), cron(8).