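- #monitoring file changes with auditctl (-p war = log writes, attribute changes and reads, so every apache read of the file is recorded too; -k sets the key used to search the log)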
- sudo apt-get install auditd
- sudo /sbin/auditctl -w /home/amf/public/site/.htaccess -p war -k hosts-file
- oquidave@web /h/a/p/site> sudo /sbin/ausearch -f /home/amf/public/site/.htaccess | more
- type=UNKNOWN[1327] msg=audit(1459766547.822:130): proctitle=2F7573722F7362696E2F61706163686532002D6B007374617274
- type=PATH msg=audit(1459766547.822:130): item=0 name="/home/amf/public/site/.htaccess" inode=141561 dev=08:00 mode=0100444 ouid=33 ogid=33 rdev=00:00 nametype=NORMAL
- type=CWD msg=audit(1459766547.822:130): cwd="/"
- type=SYSCALL msg=audit(1459766547.822:130): arch=c000003e syscall=2 success=yes exit=41 a0=7f3c23034cd0 a1=80000 a2=1b6 a3=8 items=1 ppid=24452 pid=6797 auid=4294967295 uid=33 gid=33 euid=33 suid=33 fsuid=33 egid=33 sgid=33 fsgid=33 tty=(none) ses=4294967295 comm="apache2" exe="/usr/sbin/apache2" key="hosts-file"
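- #.htaccess permissions, apache has only read permissions by mode (0444); but the file is owned by www-data (uid 33), the user apache runs as, and an owner can chmod the file and then write to it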
- -r--r--r-- 1 www-data www-data 235 Dec 10 15:29 .htaccess
- #apache parent process is running as root user
- 24452 root 20 0 494060 33084 24568 S 0.0 1.6 22:18.19 apache2
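- #process with pid 6797 is no longer running (only the grep itself matches); note the record above is a read-only open (syscall=2, a1=80000 = O_RDONLY|O_CLOEXEC) matched by the r in -p war, not a write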
- oquidave@web /h/a/p/site> sudo ps -aux | grep 6797
- oquidave 15294 0.0 0.0 11720 1724 pts/6 S 13:51 0:00 grep --color=auto 6797
- #other apache child processes running as www-data with no write access to .htaccess file
- 12184 www-data 20 0 654328 71900 51908 S 0.0 3.5 0:02.25 apache2
- 13602 www-data 20 0 654252 69148 49192 S 0.0 3.4 0:01.27 apache2
- 13333 www-data 20 0 580456 69020 49192 S 27.3 3.4 0:01.09 apache2
- 13623 www-data 20 0 502728 59968 42292 S 0.0 2.9 0:00.32 apache2