IDM_cheesewire.pm offers Tripwire-like functionality: the inode, date-stamp, MD5 checksum and size of files is recorded in a database at a time the files are assumed "clean"; at run-time, current values are compared against those recorded and differences are logged.
Cheesewire can check some files more frequently than others: for example, files such as /bin/ls, /bin/ps, /bin/netsat and /bin/bash, and .sos on which these utilities depend, might be checked each hour, while the whole of /bin, /lib, /sbin, /usr/bin... might be checked only once a day to reduce load on the system.
Makes use of the standard Perl function stat and the CPAN Perl module Digest::MD5.
Configuration files:
/etc/IDM_cheesewire/policy.txt
/etc/IDM_cheesewire/policy_2.txt
/etc/IDM_cheesewire/db.txt
/etc/IDM_cheesewire/db_2.txt
The policy files describe which files and/or directories should be
checked by the Cheesewire module, and which attributes of the file should
be considered; the policies are turned into db files for input
to the module by the script /src/Scripts/initcheesewire. The
_2 policy is checked less frequently than the unnumbered
("_1") policy.
Usage:
# ...first edit the policy files, then...
#
cd /src/Scripts
./initcheewewire 1
#
# ...and/or
#
./initcheewewire 2
| ...previous | up (conts) | next... |