8 Jul
2009
8 Jul
'09
11:48 a.m.
Shaun Phillips a écrit :
If you do monthly root password changes this is going to send your entire estate red surely as the MD5 will change?
On Wed, Jul 8, 2009 at 9:02 AM, dOCtoR MADneSs <doctor at makelofine.org <mailto:doctor at makelofine.org>> wrote:
rsmrcina at wi.rr.com <mailto:rsmrcina at wi.rr.com> a écrit : Gavin, Use the FILE client check to determine and possibly alert when a file (/etc/passwd) has been changed. ---- Gavin Leonard <gleonard at progrexion.com <mailto:gleonard at progrexion.com>> wrote: Hi All, I am having a problem where users and groups are being created without the knowledge of the admin team and its making it difficult to know who had access to what systems if they leave the company... is there a way for hobbit to tell me when the /etc/passwd or /etc/group files change? Thanks in Advance.. -Gavin To unsubscribe from the hobbit list, send an e-mail to hobbit-unsubscribe at hswn.dk <mailto:hobbit-unsubscribe at hswn.dk> Hi, In client-local.cfg : [your_host] file:/etc/passwd in hobbit-clients.cfg : HOST=your_host FILE /etc/passwd red MD5=9780JNLKNoiulknaée2 Those settings should do exactly what you need To unsubscribe from the hobbit list, send an e-mail to hobbit-unsubscribe at hswn.dk <mailto:hobbit-unsubscribe at hswn.dk>
Yes, of course every authorized changes in /etc/passwd MD5sum must be passed to hobbit-clients.cfg