Blog

FIM Cool Trick: Detect new, removed, or modified web server accounts

Goal: Detect new, removed, or modified web server accounts


Apache web server accounts are stored in a .htaccess file.  This is commonly found near, but not in the directory tree that holds your actual web content (/var/www/html/ in this example).  By monitoring this file for changes, you can tell if accounts are added, deleted, or modified.

Monitor:
/var/www/private/.htpasswd
(Modify to match the locations of your .htpasswd file(s) )

Related Posts