Linux – Monitoring whether a file has been changed on a remote web server

apache-2.2 linux windows

What's the best method for monitoring whether a file has been changed on remote web servers, given the following preconditions?

  • Servers are running different operating systems, but most are some flavor of Linux; a couple are running Windows Server.
  • SSH access isn't available on all servers.
  • The check is primarily to test that PHP templates used to generate pages haven't been corrupted. The template doesn't change in size, so the checksum of the file is always the same unless specifically replaced by an administrator.

So far I've only come up with the option of placing a file specifically on each server and then polling each of those files to retrieve diagnostic data. I have some concerns, however, about whether those files may themselves be compromised if they are in a public-facing directory to allow polling by an external source.

Best Answer

Similar to tripwire, but OSSEC will watch for file modifications as well: http://www.ossec.net (this'll require a lightweight agent to be installed on the servers in question).
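
The core of a tripwire-style check, as an added example that is not part of the original answer and is not OSSEC's code: hash every template, keep the baseline, and report files that were modified, added or removed. The function names and the sample files are hypothetical and constructed; the sample edit keeps the file size identical, which is the case the question describes and the reason a content hash is compared rather than size.

```python
import hashlib
import os
import tempfile


def sha256_file(path, chunk_size=65536):
    """Stream a file through SHA-256 so large files are not read into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_baseline(root, suffixes=(".php",)):
    """Map each matching file (path relative to root) to its SHA-256 digest."""
    baseline = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.endswith(suffixes):
                full = os.path.join(dirpath, name)
                rel = os.path.relpath(full, root).replace(os.sep, "/")
                baseline[rel] = sha256_file(full)
    return baseline


def compare(baseline, current):
    """Return sorted lists of modified, added and removed relative paths."""
    modified = sorted(p for p in baseline if p in current and baseline[p] != current[p])
    added = sorted(p for p in current if p not in baseline)
    removed = sorted(p for p in baseline if p not in current)
    return {"modified": modified, "added": added, "removed": removed}


def demo():
    """Constructed sample: a same-size edit, a dropped-in file and a deletion."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "inc"))
        files = {"page.php": b"<?php echo 'AAAA'; ?>", "inc/nav.php": b"<?php nav(); ?>"}
        for rel, body in files.items():
            with open(os.path.join(root, rel), "wb") as handle:
                handle.write(body)
        baseline = build_baseline(root)  # store this off the monitored server
        with open(os.path.join(root, "page.php"), "wb") as handle:
            handle.write(b"<?php echo 'BBBB'; ?>")  # same length, new content
        with open(os.path.join(root, "new.php"), "wb") as handle:
            handle.write(b"<?php ?>")
        os.remove(os.path.join(root, "inc", "nav.php"))
        return compare(baseline, build_baseline(root))
```

Calling `demo()` returns the three change lists for the constructed directory. The baseline is only trustworthy if it is kept somewhere the web server cannot write to, so the comparison should run against a copy held by the monitoring side.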