Re: [Integrit-users] checking files
From: Ed L C. <ec...@ug...> - 2003-07-26 15:24:40
sco...@ma... writes:

> Can somebody help me with another problem I am having. I am trying to
> narrow the list of files that integrit is checking down a
> lot. Integrit is going to be used on a server for a small business
> that hosts its own e-mail and webserver. Plus all that other stuff
> like DHCP and DNS and whatnot. So my question I guess is, what files
> are absolutely critical to protect? I need to check as many files as I
> can without having it take up too large an amount of system resources,
> but also without making integrit ineffective in what it was made to
> do.
>
> My goal is to have integrit run every 10 minutes or so, then e-mail me
> of any changes that happened to the files I was checking, or e-mail me
> to say that everything is fine.

This is probably something that every sysadmin has to fine tune. Some
general guidelines for a minimal check might be --

  * check essential system configuration files like those in /etc
  * check init scripts and core system binaries like in /sbin
  * check core system shared libraries that the above binaries rely on
  * check kernel-related stuff
  * maybe less-essential binaries like /usr/local/foo-1.2.3/bin.

Others may have some more tips. It is best to experiment a lot so
that you're good at tuning integrit to your systems.

--
--Ed L Cashin     |   PGP public key:
  ec...@ug...     |   http://noserose.net/e/pgp/
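
The known-versus-current comparison over a narrowed scope, as discussed in the message above, sketched as an added example that is not part of the original thread and is not integrit's own code. `MINIMAL_SCOPE`, `snapshot`, `compare` and `report` are hypothetical names, and `/lib` and `/boot` are assumed locations for the shared libraries and kernel files the reply mentions.

```python
import hashlib
import os
import stat

# Scope drawn from the reply's list. /lib and /boot are assumptions for
# "core shared libraries" and "kernel-related stuff"; adjust per system.
MINIMAL_SCOPE = ["/etc", "/sbin", "/lib", "/boot"]

def snapshot(roots):
    """Map each file or symlink under roots to (digest, mode, uid, gid, size)."""
    snap = {}
    for root in roots:
        for dirpath, _dirs, files in os.walk(root, followlinks=False):
            for name in files:
                path = os.path.join(dirpath, name)
                try:
                    st = os.lstat(path)
                    if stat.S_ISLNK(st.st_mode):
                        # Record the link target so a retargeted link shows up.
                        digest = "link:" + os.readlink(path)
                    elif stat.S_ISREG(st.st_mode):
                        h = hashlib.sha256()
                        with open(path, "rb") as f:
                            for chunk in iter(lambda: f.read(1 << 16), b""):
                                h.update(chunk)
                        digest = h.hexdigest()
                    else:
                        continue  # devices, sockets, FIFOs are not hashed
                except OSError:
                    continue  # unreadable, or vanished during the scan
                snap[path] = (digest, st.st_mode, st.st_uid, st.st_gid, st.st_size)
    return snap

def compare(known, current):
    """Return sorted lists of added, removed and changed paths."""
    added = sorted(set(current) - set(known))
    removed = sorted(set(known) - set(current))
    changed = sorted(p for p in set(known) & set(current) if known[p] != current[p])
    return added, removed, changed

def report(known, current):
    """Build the mail body: one line per difference, or an all-clear."""
    added, removed, changed = compare(known, current)
    lines = [f"added: {p}" for p in added]
    lines += [f"removed: {p}" for p in removed]
    lines += [f"changed: {p}" for p in changed]
    return "\n".join(lines) if lines else "no changes"

if __name__ == "__main__":
    baseline = snapshot(MINIMAL_SCOPE)   # would normally be stored offline
    print(report(baseline, snapshot(MINIMAL_SCOPE)))
```

Timing `snapshot()` with and without the optional `/usr/local` trees gives a direct measure of what each added directory costs per run.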