
Monitor Hosting Account For Changes


kcraighead


I am keen to improve the security on my servers. I want to be able to monitor my hosting account to find out if any new files or directories have been created or changed. If so, I want an email sent to me so I can check it out.

 

I have done a bit of digging and it looks like a possible solution would be a shell script. I am clueless about these but I have cobbled together a script that runs daily. All it does is scan for any new/changed files or directories then puts the result in a file which is emailed to me. I would like to improve the script so that it monitors for new files more often than daily - perhaps hourly - and sends an email only when a change is detected. This will ensure that I get fewer emails and they are only sent when something has changed.

 

My questions are:

 

1. Has anyone written a script like this I could use?

2. Is there a tool I could buy that could perform this action that I could install on TCH servers (I saw Tripwire mentioned on my travels round the web)?

 

Any help would be appreciated! :)


Do you have a shared/reseller account or a dedicated box? I don't think you can execute custom shell scripts on shared hosting packages as there is no SSH access to the box, so I believe the only way to do this would be on a dedicated server.

 

 

As far as the script itself goes, I've never coded a shell script so can't even begin to suggest one.


I have a reseller account rather than a dedicated box.

 

I have managed to set up cron jobs which monitor files/directories so I thought that there might be a commercial product that does something similar - but better!


You could probably write a PHP script which would run through your directories and find the last modified date of all the files (using filemtime), and if (for example, you are running this via a cron every hour) the last modified time is less than an hour ago (i.e. it has changed since the last time the cron ran), it would put the name of it in an email and send it.

 

 

I would offer to build this script for you as I am a PHP developer, however I don't have the time to do this at the moment.


Found this script that looks like it may do the job:

Monitor Changes Script

 

Set up a cron job to run every 15 minutes but it is generating errors at the moment - probably due to invalid paths and file permissions. Fingers crossed I'll get it working!


No need for that messy script, just create the following cron

> 0 */4 * * * find /home/your_cpanel_user/public_html -type f -mmin -240 | xargs -r ls -l

 

This will run every 4 hours checking for any files that were changed/created in the last 4 hours. It will then output the file permissions, owner, timestamp, and path, which will be sent in the cron notice email. If there are no changes then no email will be sent.


> No need for that messy script, just create the following cron
>
> 0 */4 * * * find /home/your_cpanel_user/public_html -type f -mmin -240 | xargs -r ls -l
>
> This will run every 4 hours checking for any files that were changed/created in the last 4 hours. It will then output the file permissions, owner, timestamp, and path, which will be sent in the cron notice email. If there are no changes then no email will be sent.

 

 

That's nice work! I am still a relative novice at unix commands etc, could you explain how that works?

 

I know how the crontab configuration works for running it every four hours. Then I guess it finds in the public_html files (designated by -type f) where the modified time is > -240 seconds (-mmin -240) and then you pipe it to something, ls -l creates a list doesn't it in a similar way it creates a directory listing if you use it on the command line? I've not seen or used xargs before, what is it and is -r recursive or is it some other parameter?

 

Sorry, I like upping my unix command game. It comes in handy at work.

Edited by OJB

> I guess it finds in the public_html files (designated by -type f) where the modified time is > -240 seconds (-mmin -240)

Yes, although 240 mins (4 hours) rather than 240 seconds - I think that was probably just a typo on your part though :tchrocks:

> and then you pipe it to something,

Correct, so it then passes the list of files to the command following the pipe

> ls -l creates a list doesn't it in a similar way it creates a directory listing if you use it on the command line?

Correct, it's a directory listing (ls) in long listing format (-l)

> I've not seen or used xargs before, what is it and is -r recursive or is it some other parameter?

Basically it adds the arguments passed to it to the end of the command, or swaps (x) the order of the command and arguments if you prefer to think of it that way. So in this case it adds each file found (one at a time) to the command for the long listing (ls -l). Spaces or other characters (such as brackets in the file name) will need to be treated carefully though, otherwise they will appear as separate arguments in the ls command ;)

The -r tells the xargs command to only run if it is passed data, i.e. if there were no files found (hence nothing passed to it) it would not run.

> Sorry, I like upping my unix command game. It comes in handy at work.

Don't be sorry, learning new skills, or improving skills is always good :)


Is there a way to search all of the directories but to miss one directory out (I have a cache directory that is always being updated so I am emailed every 4 hours with changes that are not important)?

 

:dance:


> Is there a way to search all of the directories but to miss one directory out (I have a cache directory that is always being updated so I am emailed every 4 hours with changes that are not important)?
>
> :dance:

 

Yes this can be done, just use the following:

> find /home/your_cpanel_user/public_html ! -wholename '*/cache/*' -type f -mmin -240 -print0 | xargs -0 -r ls -l

I also changed it a bit to deal with file names that have spaces.

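The cron one-liners in this thread select files by modification time, so they cannot report deleted files or files whose timestamp is unchanged. The following is an added example, not part of any post in the thread: a checksum baseline in the spirit of the Tripwire-style tools asked about in the first post, which prints nothing when nothing changed so cron sends no mail. The function names, the state-file location and the script path are assumptions; it relies on GNU `find`, `sort`, `xargs` and `sha256sum`.

```shell
#!/bin/sh
# Added example (not from the thread): report files whose *content* changed,
# appeared or disappeared since the previous run. Function names and paths
# are assumptions; the cache exclusion mirrors the find command above.

# snapshot DIR: print one "sha256  path" line per regular file under DIR.
snapshot() {
    find "$1" ! -path '*/cache/*' -type f -print0 |
        sort -z | xargs -0 -r sha256sum
}

# report_changes OLD NEW: compare two snapshot files.
report_changes() {
    awk '
        { hash = $1; path = substr($0, length($1) + 3) }  # skip "hash  "
        FILENAME == ARGV[1] { old[path] = hash; next }
        { seen[path] = 1 }
        !(path in old)    { print "ADDED   " path; next }
        old[path] != hash { print "CHANGED " path }
        END { for (p in old) if (!(p in seen)) print "REMOVED " p }
    ' "$1" "$2" | sort
}

# check_site DIR STATE: print changes since the last run, then store the new
# snapshot as the baseline. No output when nothing changed, so cron stays quiet.
# Keep STATE outside public_html so it is not served by the web server.
check_site() {
    cs_new=$(mktemp) || return 1
    snapshot "$1" > "$cs_new"
    if [ -f "$2" ]; then
        report_changes "$2" "$cs_new"
    fi
    mv "$cs_new" "$2"
}

# Stand-alone use from cron (placeholder paths):
#   0 * * * * /home/your_cpanel_user/bin/check_site.sh /home/your_cpanel_user/public_html /home/your_cpanel_user/.site_state
if [ "$#" -eq 2 ]; then
    check_site "$1" "$2"
fi
```

The first run only records the baseline; each later run reports a change once and then rolls the baseline forward.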
