[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [hobbit] monitoring etc passwd

To: hobbit (at) hswn.dk
Subject: Re: [hobbit] monitoring etc passwd
From: Shaun Phillips <tainted.soul69 (at) googlemail.com>
Date: Wed, 8 Jul 2009 11:34:10 +0100
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=gamma; h=domainkey-signature:mime-version:received:in-reply-to:references :date:message-id:subject:from:to:content-type; bh=n2JNw4kbk8oL7WmuKgNsJq6gSPZ3081fGPAo6pN2x1c=; b=qWBpNadZQLBgARVvGRixMImqa7Y2jHVVhffaCTYVhNPpwuZBBn3KShX3PnZzu7Rh0R 1ztWEecd/OwxyNNTltBVGiyofoqYLqOLOWl49qID/E646kaLz1n33tm0m9DkMhfLbrRo YZ5fGu4zOKDx96yLTY3cmrLhp7j4Hy5jUczxQ=
Domainkey-signature: a=rsa-sha1; c=nofws; d=googlemail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; b=XOv7PpKQVSBsa6qOnIiG+ni7M65+2VPg0v3fGoIDMxVSJmy1MxW2th/Yboqy++BEVp EOEzpUzveeQ6JDa6GDlVDQ7NPIkpzbn5hm7/KEGYZCPD3VtZcN5oVNgkbQ/jEem1LU8o 9XEV4fIq18t7OBQ8/XAZD3T6csSKz4m/uPYws=
References: <20090707222449.X6AJK.539860.root (at) hrndva-web27-z01> <4A545290.3020100 (at) makelofine.org>

If you do monthly root password changes this is going to send your entire
estate red surely as the MD5 will change?

On Wed, Jul 8, 2009 at 9:02 AM, dOCtoR MADneSs <doctor (at) makelofine.org>wrote:

> rsmrcina (at) wi.rr.com a écrit :
>
> Gavin,
>>
>> Use the FILE client check to determine and possibly alert when a file
>> (/etc/passwd) has been changed.
>>
>> ---- Gavin Leonard <gleonard (at) progrexion.com> wrote:
>>
>>> Hi All,
>>>                I am having a problem where users and groups are being
>>> created without the knowledge of the admin team and its making it difficult
>>> to know who had access to what systems if they leave the company... is there
>>> a way for hobbit to tell me when the /etc/passwd or /etc/group files change?
>>> Thanks in Advance..
>>>
>>> -Gavin
>>>
>>>
>>>
>>>
>>
>> To unsubscribe from the hobbit list, send an e-mail to
>> hobbit-unsubscribe (at) hswn.dk
>>
>>
>> Hi,
>
> In client-local.cfg :
> [your_host]
> file:/etc/passwd
> in hobbit-clients.cfg :
> HOST=your_host
> FILE /etc/passwd red MD5=9780JNLKNoiulknaée2
>
> Those settings should do exactly what you need
>
>
> To unsubscribe from the hobbit list, send an e-mail to
> hobbit-unsubscribe (at) hswn.dk
>
>
>

Follow-Ups:
- Re: [hobbit] monitoring etc passwd
  - From: Ralph Mitchell
- Re: [hobbit] monitoring etc passwd
  - From: dOCtoR MADneSs

References:
- Re: [hobbit] monitoring etc passwd
  - From: rsmrcina
- Re: [hobbit] monitoring etc passwd
  - From: dOCtoR MADneSs

Prev by Date: Re: [hobbit] Editing thresholds from a web page.
Next by Date: SAR showing no values
Previous by thread: Re: [hobbit] monitoring etc passwd
Next by thread: Re: [hobbit] monitoring etc passwd
Index(es):
- Date
- Thread