Monitoring other software repository download

how to write a script to Attempts to download software from a location other than the cloud software repository. Beats

I don't understand the question. Please provide more details.

Hi Andrewkroh,

i want to write a json script, End users download a software or install a software only using this primary repository ***-repo-us-east-1, ***-repo-us-west-2, suppose some users download a software or install a software from some other public repository that time email will alert to me, some users download software from other repository.

What kind of repository access are you talking about? Are you referring to a specific package manager like yum or apt?


Only Yum related installation.

Do you want to detect this based on the network traffic? Or how would you do it manually?

For yum there seems to exist a /var/log/yum.log you can try to capture.

A list of packages installed one can get via yum list installed. Writing this commands output to a log file via cron, makes this information collectible via filebeat.

There's also yum history, but not sure if yum history provides local user information or global info.

Your distributions documentation might include docs about log file locations. e.g. for fedora.

Users having (root) rights to install software might be able to install other software using other tools as well. e.g. pip for python based tools. You can also monitor /bin, /usr/bin, /usr/local/bin, /opt/bin, /opts/*/bin and many other directories for changes via ls -la <path> and cron.

Well, on most systems I can just drop a binary in my home directory and that's it.

This topic was automatically closed after 21 days. New replies are no longer allowed.