FANDOM


If you are on a multi-user, or even multi-admin user, maintaing a configuration history is useful.

There are a bunch of tools that are good for this.

obviously some tool like subversion or git can be used to track file changes


auditd is probably the best option, as it is a standard feature of the kernel and looks to be pretty comprehensive about what it can track in terms of processe and calls, however it looks like it would need to be combined with some version control tool to actually see the changes to the files, particularly for configuration file changes.

hence one of these crusty old tools would probably do the trick


tripwire, integrity or aide


configuring aide Edit

http://www.techrepublic.com/article/use-aide-to-help-detect-a-compromised-system/5031576#

http://www.howtoforge.com/how-to-configure-the-aide-advanced-intrusion-detection-environment-file-integrity-scanner-for-your-website

http://www.debuntu.org/intrusion-detection-with-aide

http://www.cs.tut.fi/~rammer/aide/manual.html#config

http://linuxpoison.blogspot.co.uk/2008/08/quick-configuration-of-aide-advanced.html