Basic Linux system auditing is a bit tricky: the data collected ends up scattered and is not very readable. Recently this led me to put together an open source project and develop simple BASH scripts that do the job nicely.
The code and tarball can be downloaded from either Google Code or SourceForge, and the project website has links to documentation, help, installation and code.
The Auditor utilities can be safely copied/extracted into /usr/local/bin, as this folder is in the PATH on most Linux distributions. The utilities work well with the latest versions of RHEL, FEDORA, CENTOS, OPENSUSE, UBUNTU, DEBIAN, SLACKWARE.
Download And Install
Run the following at the shell prompt as root; the scripts run only as root and keep only one process:
# wget http://linux-easy-admin-utilities.googlecode.com/files/linux-easy-admin-util-v0.2.tar.gz
# tar -zxvf linux-easy-admin-util-v0.2.tar.gz
# cp easy-admin/* /usr/local/bin/
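The download above travels over plain HTTP and the result is copied into root's PATH, so it is worth vetting the archive in a staging directory first. The following is an added example, not part of the project's code: the function names and the staging path are hypothetical, and EXPECTED_SHA256 is a placeholder, since the page publishes no checksum and one would have to be obtained separately from the project.

```bash
#!/usr/bin/env bash
# Added example: vet the tarball before anything reaches /usr/local/bin.

# Read member names (output of `tar -tzf`) on stdin and print those that
# would land outside the extraction directory: absolute paths or ".." parts.
escaping_members() {
    awk -F/ '/^\// { print; next }
             { for (i = 1; i <= NF; i++) if ($i == "..") { print; next } }'
}

# Print staged entries that do not belong in a bundle of shell scripts:
# setuid/setgid files and symlinks. $1 is the staging directory.
suspicious_staged() {
    find "$1" \( -type f \( -perm -4000 -o -perm -2000 \) -o -type l \) -print
}

# $1: tarball, $2: expected SHA-256 (hex), $3: staging directory.
# Returns 0 only if the checksum matches and nothing suspicious was found.
vet_and_stage() {
    local tarball=$1 expected=$2 stage=$3 actual
    actual=$(sha256sum "$tarball" | awk '{print $1}')
    [ "$actual" = "$expected" ] || { echo "checksum mismatch" >&2; return 1; }
    if tar -tzf "$tarball" | escaping_members | grep -q .; then
        echo "archive has members outside the target directory" >&2
        return 2
    fi
    # Extract as the invoking user's files, with the umask applied.
    mkdir -p "$stage" &&
        tar -xzf "$tarball" -C "$stage" --no-same-owner --no-same-permissions ||
        return 3
    if suspicious_staged "$stage" | grep -q .; then
        echo "staged files include setuid/setgid files or symlinks" >&2
        return 4
    fi
}

# Typical use (placeholder checksum, hypothetical staging path):
#   vet_and_stage linux-easy-admin-util-v0.2.tar.gz "$EXPECTED_SHA256" /root/stage &&
#       install -o root -g root -m 0755 /root/stage/easy-admin/* /usr/local/bin/
```

Using install with an explicit owner and mode, rather than cp, means the files in /usr/local/bin do not inherit whatever ownership or permissions the archive carried.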
Does a dependency check, i.e. the utility will check if the system has got the necessary apps installed, a few are ip, grep, awk, netstat etc. which are mostly part of the base system.
This should give you a list of dependency errors. The available Auditor features (explained at the end of the page) and their syntax are:
genadtchk [ -h -v -c ]
dskadtchk [ -a -h -v -c ]
fsadtchk [ -a -h -v -c ]
netadtchk [ -a -h -v -c ]
usradtchk [ -c -h -v ]
The audited data is copied into a file in /tmp/<utility folder>/filename and a tmp folder cleaner is provided.
An additional utility that is bundled along is the password generator: