util.sh shell script can add a file to be monitored by
It can also add a full_command to check for changes to a website, or for changes to the name server of a domain.
A blogpost from Daniel Cid (for 3WoO) introduced this utility.
Add a file to be monitored by
localfile will be added to the ossec.conf.
Monitor a website for changes. A
full_command will be added to the
ossec.conf using lynx to dump the initial page.
A rule can be written to monitor this output for changes.
This may not be useful on pages with dynamic content.
Monitor the name server of a domain for changes. A
full_command will be added to the ossec.conf using host
Running the following command:
# /var/ossec/bin/util.sh adddns ossec.net
will add the following to that system’s
<ossec_config> <localfile> <log_format>full_command</log_format> <command>host -W 5 -t NS ossec.net; host -W 5 -t A ossec.net | sort</command> </localfile> </ossec_config>