I used logmon for this; not entirely sure of your use case. But this profile will check that the permissions (owner) have not changed; if so, it alerts to inform you:
<PROFILE_1>
active = yes
interval = 5 sec
scanfile = ls -l /home/PATH/TO/FOLDER | grep 'deploy'
fileencoding =
scanmode = command
alarm = yes
qos = no
message = no
subject =
user =
resetFile = no
initialfileptr = 2
resumefileptr = 4
command_timeout_active = no
command_timeout =
command_severity = 2
command_timeout_alarm = 0
monitor_exit_code = Yes
max_alarm_sev = 5
max_alarms =
max_alarm_msg =
password =
reccur_directory = no
reccur_directory_level = 10
alarmFOpenFail = no
clearFOpenFailRestart = no
<thresholds>
<1>
value = deploy
oper = ne
msg = Permissions Error found on folder: /home/PATH/TO/FOLDER
sev = information
</1>
</thresholds>
</PROFILE_1>
------------------------------
CA - UIM administrator
------------------------------
Original Message:
Sent: 10-03-2019 11:02 AM
From: Guillaume Briere
Subject: Monitor File / Folder permission
Hello,
That's what I thought.
Thanks for your time.
Original Message:
Sent: 10-03-2019 10:58 AM
From: Gene HOWARD
Subject: Monitor File / Folder permission
We do not have a probe currently that will check folder or file permissions.
You would need to script something to do this check and possibly use logmon to read the response.
You could submit an ER to have the dirscan probe add this ability.
https://docops.ca.com/ca-unified-infrastructure-management-probes/ga/en/alphabetical-probe-articles/dirscan-file-and-directory-scan/dirscan-file-and-directory-scan-release-notes
------------------------------
Gene Howard
Principal Support Engineer
Broadcom
Original Message:
Sent: 10-03-2019 10:50 AM
From: Guillaume Briere
Subject: Monitor File / Folder permission
Hello and good day.
Besides using logmon, is there a probe that can monitor file and folder permissions?
For example, I want to raise an alarm when the folder /etc/something is different from 600.
Thanks for your help
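One way to "script something" for the mode check asked about in this thread, as an added example that is not from any of the posters or from the product: a shell function that compares a path's octal mode (and optionally its owner) with the expected values and prints a single status line, which a logmon profile in command scanmode like the one posted above could run and match on. The script name `check_perms.sh`, the `PERM_OK` / `PERM_MISMATCH` / `PERM_ERROR` tokens and the use of GNU coreutils `stat` are assumptions.

```shell
#!/bin/sh
# Added example: permission check that emits one line per run for a
# log/command monitor to match. Assumes GNU coreutils stat (Linux).

# check_perms PATH EXPECTED_MODE [EXPECTED_OWNER]
# EXPECTED_MODE is written as stat prints it, e.g. 600 (not 0600).
# Returns 0 on match, 1 on mismatch, 2 when the path cannot be read.
check_perms() {
    path=$1
    want_mode=$2
    want_owner=${3:-}

    # %a = octal mode bits, %U = owner name; "--" protects paths starting with "-".
    if ! actual=$(stat -c '%a %U' -- "$path" 2>/dev/null); then
        # A missing or unreadable path is reported explicitly, never as OK.
        echo "PERM_ERROR path=$path reason=stat_failed"
        return 2
    fi
    mode=${actual%% *}
    owner=${actual#* }

    status=PERM_OK
    rc=0
    [ "$mode" = "$want_mode" ] || { status=PERM_MISMATCH; rc=1; }
    # The owner is only compared when an expected owner was supplied.
    if [ -n "$want_owner" ] && [ "$owner" != "$want_owner" ]; then
        status=PERM_MISMATCH
        rc=1
    fi
    echo "$status path=$path mode=$mode expected_mode=$want_mode owner=$owner expected_owner=${want_owner:-any}"
    return $rc
}

# Run only when called with arguments, e.g.:
#   check_perms.sh /etc/something 600 root
if [ "$#" -ge 2 ]; then
    check_perms "$@"
fi
```

Comparing the numeric mode rather than grepping `ls -l` output also catches changes to group and other bits, and setuid, setgid or sticky bits show up as a four-digit mode that no longer equals 600.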