HPE Community
Operating System - Linux
1823077 Members
3411 Online
109645 Solutions
New Discussion юеВ

Shell Script for file monitoring

 
SOLVED
Go to solution
Sreejith Kumar
Occasional Contributor

тАО09-19-2007 07:00 PM

тАО09-19-2007 07:00 PM

Shell Script for file monitoring

Hi,

I want to monitor a file and whenever it gets changed we should receive email notification regarding the same.

For example: i want to monitor the file name "/etc/passwd". Once it is found that
the file is got changed then it should send email notification to Admin.

Can any one suggest shell script for this ?

Thanks,
Sreejith
0 Kudos
8 REPLIES 8
Oviwan
Honored Contributor

тАО09-19-2007 07:18 PM

тАО09-19-2007 07:18 PM

Re: Shell Script for file monitoring

Hey

check the time of the file with one of those commands:

ls -l file (modification time)
ls -lc file (change time)
ls -lu file (access time)

then compare it with the results of the check before, e.g. you check it each hour...

if its's not the same time, send a mail.

hope this helps

Regards
0 Kudos
Ernesto Cappello
Trusted Contributor

тАО09-19-2007 07:53 PM

тАО09-19-2007 07:53 PM

Re: Shell Script for file monitoring

Hi Sreejith, this is my script:

#!/bin/sh

FILE_DATE=`/bin/ls -al /etc/passwd | /bin/awk '{print $6 $7}'`

DATE=`/bin/date | awk '{print $2 $3}'`

if [ "$FILE_DATE" -eq "$DATE" ]
then
mailx -s "Check File (`hostname`)" name.surname@company.com < /etc/passwd
fi

Best regards.
Ernesto
0 Kudos
Srimalik
Valued Contributor

тАО09-19-2007 08:53 PM

тАО09-19-2007 08:53 PM

Re: Shell Script for file monitoring


#!/usr/bin/sh
CURR=`ls -l /etc/passwd`
while true
do
PREV=CURR;
sleep 1; # check the file every second
CURR=`ls -l /etc/passwd`
if [ PREV != CURR]
then
//Send a mail (read previous reply)
fi
done
############
I have not tested it, Please look for any shell specific errors.

-Sri
abandon all hope, ye who enter here..
0 Kudos
AwadheshPandey
Honored Contributor

тАО09-19-2007 10:47 PM

тАО09-19-2007 10:47 PM

Solution

Re: Shell Script for file monitoring

Hello Sreejith,

Here it comes,

create a backup password file file to some where as per your choice I assume that you have /etc/paswd.old, then schedule script below in crontab as per your requirment.

#!/bin/ksh

typeset -i old_time=`ls -lc /etc/passwd.old |awk '{print $8}'|awk -F: '{print $1$2}'`
typeset -i new_time=`ls -lc /etc/passwd |awk '{print $8}'|awk -F: '{print $1$2}'`

echo "Old Modication Time:" $old_time > tmpfile
echo "New Modification Time:" $new_time >> tmpfile

if (( $old_time != $new_time ));

then

mailx -s "password tmpfile modified" email.id@xyz.com < tmpfile
cp -p /etc/passwd /etc/passwd.old

fi

Regards,

Awadhesh
It's kind of fun to do the impossible
0 Kudos
spex
Honored Contributor

тАО09-20-2007 12:56 AM

тАО09-20-2007 12:56 AM

Re: Shell Script for file monitoring

Hello,

The best solution is to use Tripwire (part of Internet Express), as it is intended for this kind of thing. Set up a "tripwire -m c" cronjob to run as often as you like.

Or you could create a script such as the following:

#!/usr/bin/sh
echo "Comparing /etc/passwd.1 to /etc/passwd"
diff /etc/passwd.1 /etc/passwd
echo "Moving /etc/passwd.1 to /etc/passwd.2"
cp /etc/passwd.1 /etc/passwd.2
echo "Copying /etc/passwd to /etc/passwd.1"
cp /etc/passwd /etc/passwd.1
exit 0

'diff' looks at the contents of a file, not its attributes, which may or may not work for your purposes. Schedule it to run as often as you like.

PCS
0 Kudos
James R. Ferguson
Acclaimed Contributor

тАО09-20-2007 01:05 AM

тАО09-20-2007 01:05 AM

Re: Shell Script for file monitoring

Hi:

I presume that you are using a shadow password file since otherwise normal users changing their password would update '/etc/passwd'. That saiid, however, I'm still puzzled by your question if it is specific to the aforementioned file. If the permissions and ownership on '/etc/passwd' are correctly restricted, only 'root' can modify it. Thus, why would you want to montior potential changes?

Regards!

...JRF...
0 Kudos
Tim Nelson
Honored Contributor

тАО09-20-2007 02:44 AM

тАО09-20-2007 02:44 AM

Re: Shell Script for file monitoring

A thought that may/may not be worth the hassle.

If eventually you would like to do this to support audit and monitor many other files HP IDS9000 does this on a system wide bases as well as other things.

It is free and may be worth looking into.

0 Kudos
Sreejith Kumar
Occasional Contributor

тАО09-20-2007 04:24 PM

тАО09-20-2007 04:24 PM

Re: Shell Script for file monitoring

Fine Awdesh its working
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.