BIG KUDOS for this program! This little program listed an infection in the "/dev/shm/ /" directory. (So the attacker made a SPACES subdir to make it invisible!) Grindr/sktrap listed 35 files in that server that changed; 30 of them were the infection's files. I looked at the source code and the ideas behind this program are smart, and stuff is pretty well polished. Feature request: maybe you can make the whitelisting PER SERVER? Baselining and looking for changes in ports based on the baseline. Illyana :)
Nice. Very simple to set up and very effective at what it does: monitor your system integrity.
I like this program: instead of being bombarded with the same warnings every day (with the risk of ignoring important real changes), with this program, you get a single file with a few lines max per client listed. I guess this is based on the program's main idea of just finding the modification time changes, so you just get the changed stuff listed. I've made a cronjob myself to run grindr every night, which starts a wrapper I built to mail grindr's output to my inbox. Maybe "agentb" can build in the mail feature? Cheers, Tom
Great little piece of software. I use this script on my main monitor server to watch about 12 other servers and I get notified about all changes. For example, last week someone added a new root user without letting me know and I got notified via grindr so I could check if this was legit; turned out it was. I can recommend this to anyone managing multiple servers and who finds Tripwire too much hassle to install.