I'm looking for lightweight open-source tools that allow me to create custom rules to monitor sensitive files, like /etc/passwd, as well as risky commands such as nc -l. Ideally, I want a solution that lets me apply these rules across multiple servers with a single click and can generate reports if any rules are violated.
2 Answers
You should definitely check out AIDE! It's great for file integrity monitoring. Just keep in mind that I'm not entirely sure how extensive its reporting features are.
Another option is to use an RMM solution like NetLock RMM (which is open-source). You can create a bash script that checks the expected hash of a file and schedule it to run across all your devices. It’s pretty effective!
What's an RMM?
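The hash check suggested in the second answer, written out as an added example (not code from the thread or from NetLock RMM): it records SHA-256 baselines for a list of files and reports any that changed or went missing. The function names, manifest format and report wording are assumptions of this example; the scheduling and distribution across hosts is left to whatever tool runs the script.

```bash
#!/usr/bin/env bash
# Added example: hash-based integrity check for a short list of sensitive files.
# Function names, manifest format and report wording are assumptions.

# Record the current SHA-256 of each given file as the trusted baseline.
fim_baseline() {
    local manifest="$1"; shift
    sha256sum -- "$@" > "$manifest"
}

# Compare every file in the manifest with its recorded hash.
# Prints one report line per file; returns 1 if any file changed or is missing.
fim_check() {
    local manifest="$1" status=0 expected path actual
    while read -r expected path; do
        path="${path#\*}"   # sha256sum marks binary mode with a leading '*'
        if [ ! -e "$path" ]; then
            echo "MISSING $path"; status=1
            continue
        fi
        actual=$(sha256sum -- "$path" | cut -d' ' -f1)
        if [ "$actual" = "$expected" ]; then
            echo "OK $path"
        else
            echo "CHANGED $path expected=$expected actual=$actual"; status=1
        fi
    done < "$manifest"
    return "$status"
}

# CLI: run "baseline <manifest> <file...>" once on a known-good host,
# then schedule "check <manifest>" and alert on a non-zero exit code.
case "${1:-}" in
    baseline) shift; fim_baseline "$@" ;;
    check)    shift; fim_check "$@" ;;
    demo)     # constructed file in a temp dir, not the real /etc/passwd
        d=$(mktemp -d)
        printf 'root:x:0:0:root:/root:/bin/bash\n' > "$d/passwd"
        fim_baseline "$d/manifest" "$d/passwd"
        printf '# constructed change\n' >> "$d/passwd"
        fim_check "$d/manifest"; rc=$?
        rm -rf "$d"; exit "$rc" ;;
esac
```

Keep the manifest somewhere the monitored account cannot write, since anyone who can edit both the file and its recorded hash defeats the check.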