Turris OS audit

pan · July 3, 2024, 6:30am

Hi,
is there some tool to audit the files on the router? The idea is that I run such tool, it will inspect all the files ant tell me which are expected to be there and unmodified (e.g. installed from a package), which are expected but (un)expectedly modified, which are expected but the content cannot be chcecked (e.g. config files), totaly unexpected and suspicious, etc.

This would be to find residuals of old experiments, broken updates, security, etc.

I realize this is a very complicated task, but not impossible, at least to some level.

Any suggestions?

Thanks

ljelinek · July 3, 2024, 11:59am

Hi, you can use Monit for this purpose. It supports many different checks, such as file checksum, content, timestamp, size, etc.

Monit has its OpenWrt package, thus you can install it via CLI or LuCI. I strongly encourage to configure an external storage first and configure Monit to store its idfile and statefile there.

miska · July 3, 2024, 1:38pm

There is a pkg_check command that you can verify against package database.

pan · July 9, 2024, 1:18pm

Thank you, that looks like something that can do at least partially what I want.

system · July 12, 2024, 1:18pm

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.