Title: Tool to track changes? - Linux/Unix
Post by: Manu Zacharia (-M-) on June 29, 2008, 09:31:31 PM

Hi All,

I am looking for a linux based tool (very similar to InCtrl5 (http://anonym.to/?http://www.pcmag.com/article2/0,1759,9882,00.asp)) that will help me identify the changes resulting from a particular action, i.e., changes made during an installation, files accessed, modified, changed, added, etc.

With InCtrl5, the process is very easy, just 3 steps:

Run InCtrl5 to create a snapshot of the existing system
Run the applicaiton / change the configuration / install the configuration
Run InCtrl5 again to generate the report that will reflect the changes made to the system

Any similar tools for linux?

Title: Re: Tool to track changes? - Linux/Unix
Post by: shakuni on June 29, 2008, 10:55:11 PM

Tripwire, AIDE, FCheck etc. may be used for the purpose.

Title: Re: Tool to track changes? - Linux/Unix
Post by: jimbob on June 30, 2008, 03:13:20 AM

You might consider running strace to log the system calls made by the software installer. It should show you every file access, sockets created etc. It's not the easiest to read but you will see all the program activity. make sure you use the flag that follows fork() to monitor any child processes.

Jimbob

Ethical Hacker Community Forums

Resources => Tools => Topic started by: Manu Zacharia (-M-) on June 29, 2008, 09:31:31 PM