Operating System - HP-UX

Re: Proactively Email when I file is edited

 
SOLVED
Nellian Solaiappan
Frequent Advisor

Proactively Email when I file is edited

Hi All
I need to nominate certain files as CRITICAL files (e.g. /etc/passwd) and these files need to be monitored in such a way that whenever a change happens to these files, an email needs to go to a group. That is, if somebody does a vipw and saves some changes, an email needs to go out saying that the user Foo changed the file /etc/passwd at such and such time. Please note that I do not want to do a time stamp check by listing the file.

I will greatly appreciate any help.

Regards
12 REPLIES 12
Joseph Loo
Honored Contributor

Re: Proactively Email when I file is edited

hi,

you may like to run tripwire, which was previously free but is now a commercial product:

http://www.tripwire.com/

or visit AIDE:

http://www.cs.tut.fi/~rammer/aide.html

which is a free replacement for Tripwire.

regards.
what you do not see does not mean you should not believe
Peter Godron
Honored Contributor
Solution

Re: Proactively Email when I file is edited

Hi,
you could replace /usr/bin/vi with a wrapper script that checks against a list of files and then emails.
If the files are critical it may also be worthwhile to set the permissions to allow only root to write.
Regards
Fred Martin_1
Valued Contributor

Re: Proactively Email when I file is edited

Consider keeping a copy of the critical files in a separate admin folder.

Have a script run every 1/2 hour or so, which compares the real files against the copies.

When it sees a difference, send the email, then copy in the new file as an update.

This isn't very elegant and won't tell you who was in there; and if timing is critical it won't catch activity between the 1/2 hour checks.

But it's a quick no-cost solution.

I do this so I can track changes to critical files while I'm away on vacation etc.
fmartin@applicatorssales.com
Fred Martin_1
Valued Contributor

Re: Proactively Email when I file is edited

Also keep in mind the storage location needs to be secure.

Fred
fmartin@applicatorssales.com
Rick Garland
Honored Contributor

Re: Proactively Email when I file is edited

Here is a script that I use. It is a wrapper script for vi that invokes RCS to keep tabs on the special files. These special files you define in the script.

With little modification you can add the 'mailx' command to this script and in addition to RCS control you will have emails as well.

This provides an additional layer of what you are looking for but the script can be easily modified to just send email

Rick Garland
Honored Contributor

Re: Proactively Email when I file is edited

Forgot the script...

(I'm getting senile...)



Peter Godron
Honored Contributor

Re: Proactively Email when I file is edited

Hi Nellian,
any of the answers above solve your problem?
Some feedback would be great.
Thanks
Nellian Solaiappan
Frequent Advisor

Re: Proactively Email when I file is edited

Hi All
Thanks for all your responses. Rick's vi wrapper works well for me. :) Thank you Rick.
But, is there any way to track copying, moving of files without tripwire?
Steven E. Protter
Exalted Contributor

Re: Proactively Email when I file is edited

you can with the ls command create a database of files that are important to you.

then

while read -r filename
do
  if [ -f "$filename" ]
  then
    # check it out with Rick's shell or something
    :
  else
    # send a nasty email about the missing file
    :
  fi
done < database_file


SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
A. Clay Stephenson
Acclaimed Contributor

Re: Proactively Email when I file is edited

A vi wrapper is a Mickey Mouse solution. The number of ways that the passwd file can be edited is legion and assuming that it will only be done via vi is not very rigorous. You really need to maintain a database of filenames, mtimes, and cksums and then periodically compare those values to the current values of the files you wish to monitor. Tripwire does this sort of thing for you but you can do it yourself.
If it ain't broke, I can fix that.
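
The database-and-compare approach described in the reply above, combined with the missing-file check from the earlier loop, as an added example that is not part of any poster's reply. It records cksum, size, mode and owner rather than mtime, because plain sh has no stable-format way to print mtime; the function names, record layout and paths are assumptions.

```sh
#!/bin/sh
# Added example (not from the thread): baseline-and-compare file monitor.
# Record layout and function names are assumptions; paths must not contain '|'.

# Print "path|crc|size|mode|uid|gid" for a regular file, else "path|MISSING".
fim_record() {
    if [ -f "$1" ]; then
        # cksum prints "crc size"; ls -ln fields 1,3,4 are mode, uid, gid.
        set -- "$1" $(cksum < "$1") $(ls -ln "$1" | awk '{print $1, $3, $4}')
        printf '%s|%s|%s|%s|%s|%s\n' "$1" "$2" "$3" "$4" "$5" "$6"
    else
        printf '%s|MISSING\n' "$1"
    fi
}

# Emit a baseline for every path named (one per line) in list file $1.
fim_baseline() {
    while read -r f; do
        if [ -n "$f" ]; then fim_record "$f"; fi
    done < "$1"
}

# Compare the files in list $1 against baseline $2. Prints one line per
# finding and returns 1 if anything differs, 0 if all records match.
fim_check() {
    rc=0
    while read -r f; do
        [ -n "$f" ] || continue
        old=$(awk -F'|' -v p="$f" '$1 == p' "$2")
        new=$(fim_record "$f")
        if [ -z "$old" ]; then
            echo "NEW $f"; rc=1
        elif [ "$old" != "$new" ]; then
            case $new in
                *'|MISSING') echo "MISSING $f" ;;
                *)           echo "CHANGED $f" ;;
            esac
            rc=1
        fi
    done < "$1"
    return $rc
}

# Typical cron use (paths and recipient are placeholders):
#   fim_check /secure/list /secure/base > /tmp/fim.out || \
#       mailx -s "critical file change" admin-group < /tmp/fim.out
```

cksum is a CRC, so it flags ordinary edits but is not collision-resistant against deliberate tampering, and this check does not record who made the change. Keep the list and the baseline where only root can write.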
Nellian Solaiappan
Frequent Advisor

Re: Proactively Email when I file is edited

Hi Clay
I mentioned passwd as an example. I do have some other files which I need to monitor proactively and be notified when some change happens.
I do understand that for a complete and foolproof file monitoring I need Tripwire. Thanks guys for all your wonderful suggestions.
Nellian Solaiappan
Frequent Advisor

Re: Proactively Email when I file is edited

Thanks guys. I have decided to use the vi wrapper and come up with a database of my own for the files that I need to monitor.