I'm having an issue with a cPanel shared server running CentOS 5 where a few directories under the public_html folder keep getting changed to 777 from 755. The customer says they are not changing it and i'm wondering if there is a way to monitor these specific directories to find out who/what is changing the permissions.
I have looked into using auditctl and after testing it and changing the permissions myself I don't see anything in the logs so i'm not sure if i'm doing it right or if it's even possible.
Does anybody have any suggestions or ideas on how I could figure out what is changing the permissions?
Thanks!!
Create an every-minute or hourly cron job with a shell script that simply checks the output of ls -hal
on these few directories. Then once a difference is noted, you can respond appropriately (i.e. write a simple output somewhere noting the change; The timestamp of that logfile will give you the first time it is noticed).