command to find any changed or added files
find / -type f -mtime 1 | more
There are numerous apps to do that kind of stuff. ‘chkrootkit’ for one, to check for rootkits. ‘afick’ is a file integrity checker that runs as a cron job, or ‘check-packages’ which is an older, simple script.
Install Ossec (just run the script) and the ossec wui (copy to web document root, chmod 665 and then in /etc/group add httpd to the ossec group). Just google ossec.
It will give you rootkit hunting, integrity checking, it will look through log files also for things such as brute force attacks and so on and can also use active response for active blocking. A wonderful tool and a great way to search through logs, as you can search for all events related to multiple authentication failures and so on, or by the alert level. A very nice tool.
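Added example (not part of the thread): the baseline-and-compare check that a file integrity checker automates, written as a short shell script. It compares SHA-256 hashes rather than modification times, so it also reports a file that arrives with an old timestamp (for example after cp -p or an archive restore), which a search by mtime would skip. The function names and the sample tree are constructed for illustration, and GNU sha256sum is assumed.

```sh
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# fim_snapshot DIR OUT: record "sha256  ./path" for every regular file under DIR.
# Keep OUT outside DIR, ideally on read-only or remote storage.
fim_snapshot() {
    ( cd "$1" && find . -type f -exec sha256sum {} + ) > "$2"
}

# fim_compare OLD NEW: print ADDED / CHANGED / REMOVED for each differing path.
fim_compare() {
    awk '
        # 64 hex digits, two separator characters, then the path (may contain spaces)
        { hash = substr($0, 1, 64); path = substr($0, 67) }
        FILENAME == ARGV[1] { old[path] = hash; next }
        !(path in old)      { print "ADDED   " path; next }
        { seen[path] = 1 }
        old[path] != hash   { print "CHANGED " path }
        END { for (p in old) if (!(p in seen)) print "REMOVED " p }
    ' "$1" "$2" | sort
}

# fim_demo: constructed sample tree that produces all three outcomes.
fim_demo() {
    work=$(mktemp -d) || return 1
    mkdir -p "$work/tree/etc" "$work/tree/bin"
    echo 'PermitRootLogin no' > "$work/tree/etc/sshd_config"
    echo 'original'           > "$work/tree/bin/tool"
    echo 'old notes'          > "$work/tree/etc/motd file"
    fim_snapshot "$work/tree" "$work/baseline.sha256"

    echo 'PermitRootLogin yes' > "$work/tree/etc/sshd_config"  # content changed
    rm "$work/tree/etc/motd file"                              # removed
    echo 'new' > "$work/tree/bin/extra"                        # added
    touch -t 202001010000 "$work/tree/bin/extra"               # old mtime, as after cp -p

    fim_snapshot "$work/tree" "$work/current.sha256"
    fim_compare "$work/baseline.sha256" "$work/current.sha256"
    rm -rf "$work"
}

fim_demo
```

File names containing a backslash or newline are escaped by sha256sum and are not handled by this sketch.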