[hobbit] monitoring etc passwd

dOCtoR MADneSs doctor at makelofine.org
Wed Jul 8 13:48:02 CEST 2009


Shaun Phillips a écrit :
> If you do monthly root password changes this is going to send your 
> entire estate red surely as the MD5 will change?
> 
> On Wed, Jul 8, 2009 at 9:02 AM, dOCtoR MADneSs <doctor at makelofine.org 
> <mailto:doctor at makelofine.org>> wrote:
> 
>     rsmrcina at wi.rr.com <mailto:rsmrcina at wi.rr.com> a écrit :
> 
>         Gavin,
> 
>         Use the FILE client check to determine and possibly alert when a
>         file (/etc/passwd) has been changed.
> 
>         ---- Gavin Leonard <gleonard at progrexion.com
>         <mailto:gleonard at progrexion.com>> wrote:
> 
>             Hi All,
>                            I am having a problem where users and groups
>             are being created without the knowledge of the admin team
>             and its making it difficult to know who had access to what
>             systems if they leave the company... is there a way for
>             hobbit to tell me when the /etc/passwd or /etc/group files
>             change? Thanks in Advance..
> 
>             -Gavin
> 
> 
> 
> 
> 
>         To unsubscribe from the hobbit list, send an e-mail to
>         hobbit-unsubscribe at hswn.dk <mailto:hobbit-unsubscribe at hswn.dk>
> 
> 
>     Hi,
> 
>     In client-local.cfg :
>     [your_host]
>     file:/etc/passwd
>     in hobbit-clients.cfg :
>     HOST=your_host
>     FILE /etc/passwd red MD5=9780JNLKNoiulknaée2
> 
>     Those settings should do exactly what you need
> 
> 
>     To unsubscribe from the hobbit list, send an e-mail to
>     hobbit-unsubscribe at hswn.dk <mailto:hobbit-unsubscribe at hswn.dk>
> 
> 
> 
Yes, of course every authorized changes in /etc/passwd MD5sum must be 
passed to hobbit-clients.cfg



More information about the Xymon mailing list