
LFD - Improvement Suggestions

Posted: 12 Dec 2006, 10:22
by ImZan
#1 - File Integrity Checking

Being able to monitor important folders and files for changes, i.e. /etc, /etc/passwd, groups, shadow, config files, system binaries. Based on MD5 checking?

Posted: 12 Dec 2006, 10:36
by chirpy
lfd already does that with the LF_DIRWATCH_FILE setting and the csf.dirwatch file.

Posted: 12 Dec 2006, 10:47
by ImZan
But - if I enable the disable option for suspicious files - won't it delete those?

custom security level

Posted: 12 Dec 2006, 12:28
by rafaelfpviana
It would be great to be able to create a customized security level.

In my case, for example, I would like to use the High Security Level but without the Remove suspicious files setting.

Posted: 12 Dec 2006, 15:15
by chirpy
ImZan wrote: But - if I enable the disable option for suspicious files - won't it delete those?
No, the LF_DIRWATCH_FILE setting doesn't use LF_DIRWATCH_DISABLE.

Posted: 12 Dec 2006, 15:16
by chirpy
rafaelfpviana wrote: It would be great to be able to create a customized security level.

In my case, for example, I would like to use the High Security Level but without the Remove suspicious files setting.
You can always just set the High Level and then go into the configuration file and disable any options that you want.

Posted: 14 Dec 2006, 21:17
by rafaelfpviana
chirpy wrote: You can always just set the High Level and then go into the configuration file and disable any options that you want.
Didn't know about that, I'll check it out, Chirpy. Thanks.

Posted: 18 Jul 2008, 11:57
by pimpinjg
Is there any way to make it auto-delete suspicious files? Because I'm getting backdoored and I'm not ready for an OS reload till I get a good backup.. :(

Posted: 18 Jul 2008, 17:46
by deadeye
pimpinjg wrote: Is there any way to make it auto-delete suspicious files? Because I'm getting backdoored and I'm not ready for an OS reload till I get a good backup.. :(
What would define a suspicious file? Also, if your system is already compromised it is too late to get a good backup. How will you know that you are not just backing up and restoring the exploit?