HPE Community
Operating System - HP-UX
1834928 Members
2527 Online
110071 Solutions
New Discussion

Re: Some Scripting help

 
SOLVED
Go to solution
Joyce Suganthy
Advisor

‎09-01-2003 05:45 PM

‎09-01-2003 05:45 PM

Some Scripting help

Hi All,

Need a favour, I am in the midst of planning to write a script that will send a mail everytime the size or the permission or the timestamp or the owner or the group of a file changes. Any idea how this can be done, as I have many files to monitor for changes.

Thanks a lot

regards
0 Kudos
Reply
12 REPLIES 12
Tim Adamson_1
Honored Contributor

‎09-01-2003 06:23 PM

‎09-01-2003 06:23 PM

Re: Some Scripting help

You would need something to compare it against in the firstplace.

Maybe write a script that collects the required information for each file and stores it somewhere and can be the "master" file.

Then your script can collect the information again, save it in a temporary file and you can use diff or comm to compare the original with the current and report any differences.

Just an idea.


Tim
Yesterday is history, tomorrow is a mystery, today is a gift. That's why it's called the present.
0 Kudos
Reply
Rob_132
Regular Advisor

‎09-01-2003 06:32 PM

‎09-01-2003 06:32 PM

Re: Some Scripting help

Create a baseline (run once, interactively):

for a in file1 file2 file3 file4
do
ll $a >> /tmp/Last.ll
done


Then your compare script, in a cron:

for a in file1 file2 file3 file4
do
ll $a >> /tmp/Now.ll
done

> Diff.ll
Ch=`diff /tmp/Last.ll /tmp/Now.ll|wc -l`
if [ $Ch !ne "0"]
then
diff /tmp/Last.ll /tmp/Now.ll >> Diff.ll
mailx -f "/tmp/Diff.ll" you@here.com
cp /tmp/Now.ll /tmp/Last.ll
fi

****

Final debug/tweaks up to you - I cannot get to my UX server right now....

Hope this helps!
Rob
0 Kudos
Reply
Rob_132
Regular Advisor

‎09-01-2003 06:35 PM

‎09-01-2003 06:35 PM

Re: Some Scripting help

...the best way to proof-read something is to FIRST send it to the world.... Try this instead as the compare script.

Rob

****

Then your compare script, in a cron:

> /tmp/Now.ll
for a in file1 file2 file3 file4
do
ll $a >> /tmp/Now.ll
done

> /tmp/Diff.ll
Ch=`diff /tmp/Last.ll /tmp/Now.ll|wc -l`
if [ $Ch !ne "0"]
then
diff /tmp/Last.ll /tmp/Now.ll >> /tmp/Diff.ll
mailx -f "/tmp/Diff.ll" you@here.com
cp /tmp/Now.ll /tmp/Last.ll
fi
0 Kudos
Reply
Bhuvaneswari Selvaraj
Valued Contributor

‎09-01-2003 08:33 PM

‎09-01-2003 08:33 PM

Re: Some Scripting help

A small script like the following should do:

script: (Assuming that u save it as "script" )

while read i
do
a=`echo $i | awk '{print $9}'`
b=`ll $a`
if [[ $b != $i ]]
then
echo $a "has changed"
fi
done

test file: (assuming that u ssave it as "test" )
-r-xr-xr-x 1 bin bin 1415 Jul 24 06:10 .profile
-rw------- 1 root root 22 Aug 27 06:08 .rhosts
-rw------- 1 root sys 6014 Sep 2 00:03 .sh_history
-rw-rw-rw- 1 root sys 0 Jul 25 01:25 devnull
-rw-rw-rw- 1 root sys 1043 Jul 14 08:14 mbox
-rwxrwxrwx 1 root sys 107 Sep 2 00:02 script
-rw-rw-rw- 1 root sys 0 Sep 2 00:03 test
-rwxrwxrwx 1 root sys 32768 Jul 21 08:28 trapd
-rw-r----- 1 root sys 6796 Jul 21 08:27 trapd.c

This the ll output of the files that you want to montior. Ensure that the file name is a fully qualified filename with the full path. Do a ll of the files that you want to monitor from the '/' dir and save them sequentially in the test file.

Now execute this as
./script < test
(I assume that script & test are in the same dir, if not, invoke them with the proper full path of both)

Put this script in cron and execute this to send a mail to you...

echo $a "has changed" - You can change this to mailx command to have the script mail to you...
0 Kudos
Reply
hein coulier
Frequent Advisor

‎09-01-2003 11:15 PM

‎09-01-2003 11:15 PM

Re: Some Scripting help

there's also a product named 'tripwire' that provides this functionality (if my memory serves me well).
0 Kudos
Reply
TOMAS BERNABEU
Frequent Advisor

‎09-01-2003 11:25 PM

‎09-01-2003 11:25 PM

Re: Some Scripting help



use find . example :

find $PATH -cmin -1 -print 1>/tmp/files.txt

use cron avery minute for this example, and you can add mail command to send file content.

Tom
0 Kudos
Reply
john korterman
Honored Contributor

‎09-02-2003 02:07 AM

‎09-02-2003 02:07 AM

Re: Some Scripting help

Hi,

as already said, you need a file list for comparison, e.g. this three-lined example:

-rw-r--r-- 1 jxk users 8 Sep 2 11:14 /tmp/jxk/flipflip
-rw-rw-rw- 1 root sys 16 Sep 2 11:14 /home/jxk/flipflap
-rw-r--r-- 1 jxk users 33 Sep 2 11:15 /home/jxk/blipblop


The attached script can make use of a list like the above. Admitted, the script is a bit crude, as it only echoes when you need to do some sendmail activity.
The script will also react to differences in link numbers (unrequested), and the file list is updated every time: not particularly practical, but may serve as a starting point.

regards,
John K.

it would be nice if you always got a second chance
Reply
Hai Nguyen_1
Honored Contributor

‎09-02-2003 06:49 AM

‎09-02-2003 06:49 AM

Re: Some Scripting help



You can use HP proprietary commands mkpdf to build a base line and pdfck to compare the base line against the current state of the system. man mkpdf and pdfck for more info and examples.

Hai
0 Kudos
Reply
Joyce Suganthy
Advisor

‎09-04-2003 08:00 PM

‎09-04-2003 08:00 PM

Re: Some Scripting help

Hi All,

Thanks for the help

John,
I have followed your way or finding the difference, but the script also gives the email alert if there is a difference in size change for a particular file, how do i check only change is the file permission, user and group... please help

0 Kudos
Reply
Ollie R
Respected Contributor

‎09-04-2003 09:50 PM

‎09-04-2003 09:50 PM

Re: Some Scripting help

Hi Joyce,

If you want a full-blown intrusion detection system, take a look at IDS/9000 which is available from HP for free:
http://www.software.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=J5083AA

If your requirement does not justify such fuss, then modify the scripts the others have suggested to run the appropriate command. Most of your information is available using the "ll" command. Other then this, you might have to write a little perl routine or shell script to get exactly what you're looking for.

Hope this helps,

Ollie.
To err is human but to not award points is unforgivable
0 Kudos
Reply
john korterman
Honored Contributor

‎09-05-2003 12:26 AM

‎09-05-2003 12:26 AM

Solution

Re: Some Scripting help

Hi again Joyce,

the modified, attached script looks only at permissions, user, and group. It assumes that these three items of information are present in $FILENAME in the mentioned order, followed by full_path_filename. Example of three lines from $FILENAME:

-rw-r--r-- jxk users /tmp/jxk/flipflip
-rw-rw-rw- root sys /home/jxk/flipflap
-rw-r--r-- jxk users /home/jxk/blipblop

Empty lines are not permitted in $FILENAME.
However, I would not base my career on this script. Where are the perl one-liners?

regards,
John K.
it would be nice if you always got a second chance
Reply
Joyce Suganthy
Advisor

‎09-08-2003 11:54 PM

‎09-08-2003 11:54 PM

Re: Some Scripting help

thanks alot for all of your help. I managed...
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.