HPE Community
Operating System - HP-UX
1846850 Members
3100 Online
110256 Solutions
New Discussion

Re: Crontab Modification script

 
Kyle D. Harris
Regular Advisor

‎07-07-2003 05:17 AM

‎07-07-2003 05:17 AM

Crontab Modification script

I'm somewhat stumped as to how to write a script sending sendmail to a list of people whenever the crontab has been modified and also sending what the changes were. If anybody can help me out there i'd be greatly appreciated! Thanks!

Kyle Harris
Cpl USMC
Unix Administrator
0 Kudos
Reply
8 REPLIES 8
Dagmar Boelen
Frequent Advisor

‎07-07-2003 05:29 AM

‎07-07-2003 05:29 AM

Re: Crontab Modification script

Hi try the following

crontab -l > filename
diff filename filename.bck > filename_with_differences
#send mail if file is not empty
if [ -s filename_with_difference ]
then
code to sendmail
fi
cp filename filename.bck
rm filename_with_differences

Schedule this script in crontab and let it run
every hour or so
0 Kudos
Reply
Steven E. Protter
Exalted Contributor

‎07-07-2003 05:44 AM

‎07-07-2003 05:44 AM

Re: Crontab Modification script

I'm not sure you want to do it every hour, but here is how to run the script created in the previous post to sendmail

23 3 * * * /usr/contrib/bin/checkcron 2>&1 | mailx -s "Crontab Check Script" reciepint@usmc.go v

Better yet, in the detect script, only send the email if there has been a change.

Logic

diff crontab.current crontab.stable > /tmp/file

fname=/tmp/file
if [ -s $fname ] then # if file is greater than 0 byes.
mailx -s "Cron has been changed" recipient@usmc.gov
fi

That should work.

Side Note: Thank you for your service. We're proud of our forces here in Chicago.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Reply
Kyle D. Harris
Regular Advisor

‎07-07-2003 05:50 AM

‎07-07-2003 05:50 AM

Re: Crontab Modification script

Thanks Steven and Dagmar. I'll try those scripts out now. Hopefully there won't be any differences with UNIX/Redhat Linux...

I do plan on running it every 10 min or so to check for changes in the crontab.

PS. Steven, thanks for the sidenote. I'm originally from Aurora, IL.
0 Kudos
Reply
curt larson_1
Honored Contributor

‎07-07-2003 05:57 AM

‎07-07-2003 05:57 AM

Re: Crontab Modification script

looks like you might be interested in an intrusion detection program. More specifically a file integrity checker.

something like tripwire, although it does much more then what your asking.

IDS/9000 should be able to do this for you also.

By default, IDS/9000 provides templates for matching activity associated with the following types of intrusions/attacks: buffer overflow attack, race condition attack, creation of setuid files, creation of world-writeable files, repeated failed su commands, repeated failed logins, modification of files and directories, changes to log files, modification of another user's files, monitoring the start of interactive sessions and monitoring logins/logouts.

0 Kudos
Reply
Kyle D. Harris
Regular Advisor

‎07-07-2003 06:01 AM

‎07-07-2003 06:01 AM

Re: Crontab Modification script

Steven-
23 3 * * * /usr/contrib/bin/checkcron 2>&1 | mailx -s "Crontab Check .... I understand what this does but what does the 2>&1 do after the script name. & is Background but i'm not sure about the 2> 1 part.... Thanks for the help.
0 Kudos
Reply
Kyle D. Harris
Regular Advisor

‎07-07-2003 06:03 AM

‎07-07-2003 06:03 AM

Re: Crontab Modification script

Curt Larson-
Where can i obtain that program you were talking about? And can it work with Redhat or just HP-UX ?
0 Kudos
Reply
curt larson_1
Honored Contributor

‎07-07-2003 06:14 AM

‎07-07-2003 06:14 AM

Re: Crontab Modification script

2>&1

the x>&y syntax makes standard output (or the file descriptor x) a duplicate of the file descriptor whose number is given by y.

in your case standard error is made a duplicate of standard input, i.e. your scripts error messages will go to the same place as it's ouput, the mail message.

tripwire is a commerial product (it'll cost you), but i do think there is a less capable free opensource version for linux.
www.tripwire.com

IDS/9000 is an hp product, which i believe is only available on HP unix.
http://www.software.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=J5083AA

Hopefully others with more security experience can provide other tools that are available.
0 Kudos
Reply
Brian Markus
Valued Contributor

‎07-07-2003 08:56 PM

‎07-07-2003 08:56 PM

Re: Crontab Modification script

I've found a ton of pre-compiled tools in the past at the HP-UX porting site http://hpux.cs.utah.edu/

I think they might have had an old version of tripwire there, or something much like it. I honestly can't recall. I know they had md5... I wrote my own tripwire type application with that. The code that the others provided you should work just fine. HP-UX comes with a built in chksum tool if you want to just check the file that way. Keep it simple, and document what ever you do. I've written a ton of awesome code that 2 years later I can't remember even how to run. haha.

-Brian.
When a sys-admin say's maybe, they don't mean 'yes'!
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.