Changing Linux bash startup files and history files. Beats

Hi,

Kindly help me write a watcher script (JSON script) for changes to Linux bash startup files and history files, using Beats.

It should send an alert mail to the administrator when someone changes bash startup files and history files.

This is unfortunately not easy at the moment as we don't have a Beat that can check the integrity of files. We do consider building something like that, though.

Thank you. Kindly tell me any possibilities to filter for anyone's change or removal of system log contents, with an email alert.

You could set up auditd rules for the files you want to watch. Then have Filebeat read the audit logs and send them to Logstash or Ingest Node to do some parsing. And finally, with data in ES, you could set up some alerts/watches.
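
The pipeline suggested in the reply above, sketched as an added example (not part of the thread and not Elastic code): sample auditd watch rules, plus the correlation step that Logstash or an ingest pipeline would perform on the audit log before an alert can fire. The watched paths, key names and log records are constructed for illustration.

```python
import re
from collections import defaultdict

# Sample auditd watch rules (rules.d format); paths and key names are assumptions.
AUDIT_RULES = """\
-w /etc/profile -p wa -k bash_startup
-w /root/.bashrc -p wa -k bash_startup
-w /root/.bash_history -p wa -k bash_history
"""

# Constructed audit.log records (not captured from a real host).
SAMPLE_LOG = """\
type=SYSCALL msg=audit(1700000000.101:501): arch=c000003e syscall=257 success=yes exit=3 pid=1300 auid=1000 uid=0 comm="vim" exe="/usr/bin/vim" key="bash_startup"
type=PATH msg=audit(1700000000.101:501): item=0 name="/etc/profile" inode=131 dev=fd:00 nametype=NORMAL
type=SYSCALL msg=audit(1700000050.202:502): arch=c000003e syscall=263 success=yes exit=0 pid=1310 auid=1001 uid=0 comm="rm" exe="/usr/bin/rm" key="bash_history"
type=PATH msg=audit(1700000050.202:502): item=0 name="/root/" inode=20 dev=fd:00 nametype=PARENT
type=PATH msg=audit(1700000050.202:502): item=1 name="/root/.bash_history" inode=77 dev=fd:00 nametype=DELETE
type=SYSCALL msg=audit(1700000090.303:503): arch=c000003e syscall=257 success=yes exit=3 pid=1320 auid=1000 uid=0 comm="vipw" exe="/usr/sbin/vipw" key="identity"
type=PATH msg=audit(1700000090.303:503): item=0 name="/etc/passwd" inode=140 dev=fd:00 nametype=NORMAL
"""

EVENT_ID = re.compile(r"msg=audit\((\d+\.\d+):(\d+)\)")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')
WATCHED_KEYS = {rule.split()[-1] for rule in AUDIT_RULES.splitlines()}

def parse_events(log_text):
    """Group records by event serial; SYSCALL and PATH records of one event share it."""
    events = defaultdict(lambda: {"paths": []})
    for line in log_text.splitlines():
        m = EVENT_ID.search(line)
        if not m:
            continue
        rec = {k: v.strip('"') for k, v in FIELD.findall(line)}
        ev = events[m.group(2)]
        ev["time"] = float(m.group(1))
        if rec.get("type") == "SYSCALL":
            ev.update({f: rec.get(f) for f in ("auid", "uid", "exe", "key", "success")})
        elif rec.get("type") == "PATH" and rec.get("nametype") != "PARENT":
            ev["paths"].append((rec.get("name"), rec.get("nametype")))
    return events

def alerts(log_text):
    """Return one alert per event tagged with a key from AUDIT_RULES, in serial order."""
    hits = []
    for serial, ev in sorted(parse_events(log_text).items(), key=lambda kv: int(kv[0])):
        if ev.get("key") in WATCHED_KEYS:
            hits.append({"serial": int(serial), "time": ev["time"], "key": ev["key"], "auid": ev["auid"],
                         "exe": ev["exe"], "success": ev["success"], "paths": ev["paths"]})
    return hits
```

The `auid` field is the login UID, which stays the same after `su` or `sudo`, so it is the field to put in the alert mail rather than `uid`.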
