Files to monitor

Events happening in the community are now at Drupal community events on www.drupal.org.
derrotebaron's picture
Posted by derrotebaron on November 4, 2014 at 5:58pm

Are there any static files in Drupal that could be monitored for unauthorized access? In light of the latest vulnerability/exploit, I was wondering if perhaps a HIDS, or some type of file integrity solution could be used to monitor specific files related to Drupal that would indicate a compromise.

Thx

Categories: , ,

Comments

Monitor new and existing files.

Posted by brylie on November 5, 2014 at 11:18am
brylie's picture

I am currently researching how to monitor the site root and sub-directories for changes and additions. So far, I have the following ideas:

  • Private Git repository, perhaps owned by root, for all files (no ignores)
  • schedule a diff command against a white glove, private installation (possibly automated via drush make)
  • use inotify, possibly with php inotify

Brylie Christopher Oxley

Drafting document.

Posted by brylie on November 5, 2014 at 11:42am
brylie's picture

Please assist with the draft document "File system changes" in the Drupal Administration and Security Guide.

Brylie Christopher Oxley

starting point using inotify

Posted by likewhoa on November 5, 2014 at 5:48pm
likewhoa's picture

I wrote this after watching this thread which motivated me to get this done now. This script will monitor the whole drupal root including directories and files while excluding media files like images (for now).

Feel free to contribute at the github repo located at https://github.com/likewhoa/e-watch

Currently it will just echo what's being triggered but with that you can add all kinds of things like send an email,sms,delete offending file etc..

bending technology to fit businesses.

Security

Group organizers

Group notifications

This group offers an RSS feed. Or subscribe to these personalized, sitewide feeds: