10 Apr
2013
10 Apr
'13
11:18 a.m.
On Wed, 10 Apr 2013 11:48:51 +0100, Nick Pettefar <Nick at Pettefar.com> wrote:
Is there an established way of monitoring for /etc/passwd entriy changes/additions on Solaris servers?
If it is not supposed to change, then you can check an MD5 or SHA1 hash of the file matches.
See the "FILE" check in analysis.cfg
http://www.xymon.com/xymon/help/manpages/man5/analysis.cfg.5.html#lbAK http://www.xymon.com/xymon/help/manpages/man5/client-local.cfg.5.html#lbAI
The "xymondigest" tool can calculate the hash for you, if the system doesn't have a pre-installed MD5/SHA1 hash tool installed.
Regards, Henrik