Most of Linux distributions comes with Linux Auditing Technique that makes it feasible to track file changes.
It’s a useful functionality for sysadmins who need to know who and when changed sensitive files like /etc/passwd, /etc/sudoers or PHP files.
In the following tutorial I will show you how to track changes on your PHP files:
1. Fist step is creating a MD5 file that corresponding with your PHP files from your website. (for example from /var/www/debian-tutorials.com)
We will find all php file from /var/www/debian-tutorials.com and we wll create a MD5 for every file and save that md5 file in /root
find /var/www/debian-tutorials.com -name “*.php” | xargs md5sum > /root/md5-debian-tutorials
The file will look like this: Continue Reading…