RE: Passwd Change -> Email
From: Bogothy Arpad (ABogothy@PGSM.HU)Date: 09/01/01
- Previous message: Kyle Wheeler: "Re: iptables"
- Next in thread: red0x: "RE: Passwd Change -> Email"
- Reply: red0x: "RE: Passwd Change -> Email"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Message-ID: <05BED32A98DA3D4298ABE474F5C318C55F82@mrxch3.pgsm.hu> From: Bogothy Arpad <ABogothy@PGSM.HU> To: 'Administrator' <lists@digitalplace.org>, focus-linux@securityfocus.com Subject: RE: Passwd Change -> Email Date: Sat, 1 Sep 2001 10:30:14 +0200
Hi
I've wrote a little script for you. With it U can monitor any file changes
without a full copy of your files. You need a script named dircheck.pl
(below). You need a dir in script's dir named tmp.
You can run this script:
dircheck.pl targetdir=<targetdir of file you want to monitor>
invfile=<invfile name>
Example: dircheck.pl targetdir=/etc invfile=etc
Let's test...
Arpad Bogothy
*******************************************************
#!/usr/bin/perl
$hostname = $ENV{HOSTNAME};
$alert="$hostname : dircheck : ";
$targetdir="./";
$tempdir="tmp";
$invfile="inventory";
foreach $parm (@ARGV) {
@cmdparamsplit=split(/=/,$parm);
$splitnum=@cmdparamsplit;
if ($splitnum) {
$varname=@cmdparamsplit[0];
$var=@cmdparamsplit[1];
$$varname=$var;
}
}
$oldfile=".".$invfile;
$newfile=$invfile;
@mvresult=`mv $tempdir/$newfile $tempdir/$oldfile`;
@findresult=`find $targetdir > $tempdir/.tmp.$invfile`;
open(TMP,"$tempdir/.tmp.$invfile");
open(INV,">$tempdir/$newfile");
@fsarr=<TMP>;
foreach $filename (@fsarr) {
chomp($filename);
($dev,$ino,$mode,$nlink,$uid,$gid,$rdev,$size,$atime,$mtime,$ctime,$blks
ize,$blocks)
= stat($filename);
print INV "$mode,$nlink,$uid,$gid,$size,$mtime,$ctime,$filename\n";
# print "$mode,$nlink,$uid,$gid,$size,$mtime,$ctime,$filename\n";
}
close(INV);
close(TMP);
if (-e "$tempdir/$oldfile") {
@diffresult = `diff $tempdir/$oldfile $tempdir/$newfile | grep ">"`;
}
$difflines=@diffresult;
$alert=$alert." $targetdir ,";
if ($difflines) {
$alert=$alert."1";
foreach $line (@diffresult) {
@linepart=split(/,/,$line);
chop(@linepart[7]);
$alert=$alert.",".@linepart[7];
}
print "$alert\n";
}
if (!$difflines) {
print "$alert 0\n";
}
-----Original Message-----
From: Administrator [mailto:lists@digitalplace.org]
Sent: Friday, August 31, 2001 5:29 AM
To: focus-linux@securityfocus.com
Subject: Passwd Change -> Email
I am wondering if anyone has a program that will set a linux computer to
email to a specified account when the passwd/shadow file changes. I
have a linux box that I do not use everyday, and is a single hole in a
firewall. The only port open is ssh and I want the box to email me if
the password file changes. If anybody has an app that can do this I
would be very appreciative. Thank you.
Michael
- Previous message: Kyle Wheeler: "Re: iptables"
- Next in thread: red0x: "RE: Passwd Change -> Email"
- Reply: red0x: "RE: Passwd Change -> Email"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
