HPE Community
Operating System - HP-UX
1836660 Members
2213 Online
110102 Solutions
New Discussion

Re: Proactively Email when I file is edited

 
SOLVED
Go to solution
Nellian Solaiappan
Frequent Advisor

‎03-17-2005 02:32 PM

‎03-17-2005 02:32 PM

Proactively Email when I file is edited

Hi All
I need to nominate certain files as CRITICAL files (eg. /etc/passwd)and these files need to be monitored in such a way that when ever a change happens to these files, an email needs to go to a group. That is if somebody does a vipw and saves some changes, an email needs to go out saying that the user Foo chaned the file /etc/passwd at such and such time. Please note that I do not want to do a time stamp check by listing the file.

I Will greatly appreciate any help.

Regards
0 Kudos
12 REPLIES 12
Joseph Loo
Honored Contributor

‎03-17-2005 05:05 PM

‎03-17-2005 05:05 PM

Re: Proactively Email when I file is edited

hi,

you may like to run tripwire which was previously free but now a commercial product:

http://www.tripwire.com/

or visit AIDE:

http://www.cs.tut.fi/~rammer/aide.html

which is a free replacement for Tripwire.

regards.
what you do not see does not mean you should not believe
0 Kudos
Peter Godron
Honored Contributor

‎03-17-2005 06:30 PM

‎03-17-2005 06:30 PM

Solution

Re: Proactively Email when I file is edited

Hi,
you could replace /usr/bin/vi with a wrapper script that checks against a list of files and then emails.
If the files are critical it may also be worthwhile to set the permissions to allow only root to write.
Regards
0 Kudos
Fred Martin_1
Valued Contributor

‎03-21-2005 03:19 AM

‎03-21-2005 03:19 AM

Re: Proactively Email when I file is edited

Consider keeping a copy of the critical files in a seperate admin folder.

Have a script run every 1/2 hour or so, which compares the real files against the copies.

When it sees a difference, send the email, then copy in the new file as an update.

This isn't very elegant and won't tell you who was in there; and if timing is critical it won't catch activity between the 1/2 hour checks.

But it's a quick no-cost solution.

I do this so I can track changes to critical files while I'm away on vacation etc.
fmartin@applicatorssales.com
0 Kudos
Fred Martin_1
Valued Contributor

‎03-21-2005 03:33 AM

‎03-21-2005 03:33 AM

Re: Proactively Email when I file is edited

Also keep in mind the storage location needs to be secure.

Fred
fmartin@applicatorssales.com
0 Kudos
Rick Garland
Honored Contributor

‎03-21-2005 08:25 AM

‎03-21-2005 08:25 AM

Re: Proactively Email when I file is edited

Here is a script that I use. It is a wrapper script for vi that invokes RCS to keep tabs on the special files. These special files you define in the script.

With little modification you can add the 'mailx' command to this script and in addition to RCS control you will have emails as well.

This provides an additional layer of what you are looking for but the script can be easily modified to just send email

0 Kudos
Rick Garland
Honored Contributor

‎03-21-2005 08:28 AM

‎03-21-2005 08:28 AM

Re: Proactively Email when I file is edited

Forgot the script...

(I'm getting senile...)



0 Kudos
Peter Godron
Honored Contributor

‎03-22-2005 12:20 AM

‎03-22-2005 12:20 AM

Re: Proactively Email when I file is edited

Hi Nellian,
any of the answers above solve your problem?
Some feedback would be great.
Thanks
0 Kudos
Nellian Solaiappan
Frequent Advisor

‎03-22-2005 04:00 AM

‎03-22-2005 04:00 AM

Re: Proactively Email when I file is edited

Hi All
Thanks for all your responses. Rick's VI warpper works well for me. :) Thank you rick.
But, is there anyway to track copying, moving of flies without tripwire?
0 Kudos
Steven E. Protter
Exalted Contributor

‎03-22-2005 04:42 AM

‎03-22-2005 04:42 AM

Re: Proactively Email when I file is edited

you can with the ls command create a database of files that are important to you.

then


read -r filename
do
if [ -f $filename ]
then
# check it out with Rick's shell or something
else
# send a nasty email about the missing file
fi


done < database_file


SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
A. Clay Stephenson
Acclaimed Contributor

‎03-22-2005 05:02 AM

‎03-22-2005 05:02 AM

Re: Proactively Email when I file is edited

A vi wrapper is a Mickey Mouse solution. The number of ways that the passwd file can be edited is legion and assumming that it will only be done via vi is not very rigorous. You really need to maintain a database of filenames, mtimes, and cksums and then periodically compare those values to those current values of the files you wish to monitor. Tripwire does this sort of thing for you but you can do it yourself.
If it ain't broke, I can fix that.
0 Kudos
Nellian Solaiappan
Frequent Advisor

‎03-22-2005 05:10 AM

‎03-22-2005 05:10 AM

Re: Proactively Email when I file is edited

Hi Clay
I mentioned passwd as an example. I do have some other files which I need to monitor proactively and be notified when some change happens.
I do understand that for a complete and foll proof file Monitoring I need Tripwire. Thanks guys for all your wonderful suggestions.
0 Kudos
Nellian Solaiappan
Frequent Advisor

‎03-22-2005 05:18 AM

‎03-22-2005 05:18 AM

Re: Proactively Email when I file is edited

Thanks guys. I have decided to user the vi wrapper and come up with a database of my own for the files that I need to monitor.
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.