I want to monitor my RT installation for unauthorized changes. I can use an
intrusion tool to detect changes to the files (AIDE, Tripwire, etc), but I’m
interested in changes to objects that are stored in the database itself
(e.g. global scrips, templates, custom fields).
I suppose I could keep a reference copy of the various tables I’m interested
in monitoring, and periodically compare the lastupdated field values; If
something doesn’t match, launch additional queries to find who made the
change (lastupdatedby) and what was changed (diffs on the key data fields
like custompreparecode). This sounds VERY CPU intensive however.
Alternatively, I might be able to use database trigger functions but I’d
prefer not to start messing with the DB schema.
Has anyone implemented a solution for a similar requirement, or can offer
Manager, Desktop Support Group and Helpline - IITS