kcraighead Posted December 22, 2009

I am keen to improve the security on my servers. I want to be able to monitor my hosting account to find out if any new files or directories have been created or changed. If so, I want an email sent to me so I can check it out.

I have done a bit of digging and it looks like a possible solution would be a shell script. I am clueless about these but I have cobbled together a script that runs daily. All it does is scan for any new/changed files or directories then puts the result in a file which is emailed to me.

I would like to improve the script so that it monitors for new files more often than daily - perhaps hourly - and sends an email only when a change is detected. This will ensure that I get fewer emails and they are only sent when something has changed.

My questions are:

1. Has anyone written a script like this I could use?
2. Is there a tool I could buy that could perform this action that I could install on TCH servers (I saw tripwire mentioned on my travels round the web)?

Any help would be appreciated!

OJB Posted December 22, 2009

Do you have a shared/reseller account or a dedicated box? I don't think you can execute custom shell scripts on shared hosting packages as there is no SSH access to the box, so I believe the only way to do this would be on a dedicated server. As far as the script itself goes, I've never coded a shell script so can't even begin to suggest one.

kcraighead (Author) Posted December 22, 2009

I have a reseller account rather than a dedicated box. I have managed to set up cron jobs which monitor files/directories so I thought that there might be a commercial product that does something similar - but better!

OJB Posted December 22, 2009

You could probably write a PHP script which would run through your directories and find the last modified date of all the files (using filemtime) and if (for example you are running this via a cron every hour) the last modified time is less than an hour ago (i.e. it has changed since the last time the cron ran) it would put the name of it in an email and send it. I would offer to build this script for you as I am a PHP developer, however I don't have the time to do this at the moment.

kcraighead (Author) Posted December 22, 2009

Found this script that looks like it may do the job: Monitor Changes Script

Set up a cron job to run every 15 minutes but it is generating errors at the moment - probably due to invalid paths and file permissions. Fingers crossed I'll get it working!

TCH-Bruce Posted December 22, 2009

Do you really need to run it every 15 minutes? If you have lots of files it's going to take time and resources to do the testing. But that script should give you what you want.

kcraighead (Author) Posted December 22, 2009

I'll probably run it far less - probably every 4 hours - but the default in the script is 15 minutes.

TCH-Dick Posted December 22, 2009

No need for that messy script, just create the following cron

    0 */4 * * * find /home/your_cpanel_user/public_html -type f -mmin -240 | xargs -r ls -l

This will run every 4 hours checking for any files that were changed/created in the last 4 hours. It will then output the file permissions, owner, timestamp, and path, which will be sent in the cron notice email. If there are no changes then no email will be sent.

TCH-Bruce Posted December 22, 2009

Nice one Dick!

OJB Posted December 23, 2009 (Edited December 23, 2009 by OJB)

> No need for that messy script, just create the following cron
>
>     0 */4 * * * find /home/your_cpanel_user/public_html -type f -mmin -240 | xargs -r ls -l
>
> This will run every 4 hours checking for any files that were changed/created in the last 4 hours. It will then output the file permissions, owner, timestamp, and path, which will be sent in the cron notice email. If there are no changes then no email will be sent.

That's nice work! I am still a relative novice at unix commands etc, could you explain how that works?

I know how the crontab configuration works for running it every four hours. Then I guess it finds in the public_html files (designated by -type f) where the modified time is > -240 seconds (-mmin -240) and then you pipe it to something, ls -l creates a list doesn't it in a similar way it creates a directory listing if you use it on the command line? I've not seen or used xargs before, what is it and is -r recursive or is it some other parameter?

Sorry, I like upping my unix command game. It comes in handy at work.

kcraighead (Author) Posted December 23, 2009

Wow! That is cool! Will add it to all of my hosting accounts so that I get any updates sent to me over the holiday period. Thanks!

TCH-Andy Posted December 23, 2009

> I guess it finds in the public_html files (designated by -type f) where the modified time is > -240 seconds (-mmin -240)

Yes, although 240 mins (4 hours) rather than 240 seconds - I think that was probably just a typo on your part though

> and then you pipe it to something,

Correct, so it then passes the list of files to the command following the pipe

> ls -l creates a list doesn't it in a similar way it creates a directory listing if you use it on the command line?

Correct, it's a directory listing (ls) in long listing format (-l)

> I've not seen or used xargs before, what is it and is -r recursive or is it some other parameter?

Basically it adds the arguments passed to it to the end of the command, or swaps (x) the order of the command and arguments if you prefer to think of it that way. So in this case it adds each file found (one at a time) to the command for the long listing (ls -l). Spaces or other characters (such as brackets in the file name) will need to be treated carefully though, otherwise they will appear as separate arguments in the ls command.

The -r tells the xargs command to only run if it is passed data, i.e. if there were no files found (hence nothing passed to it) it would not run.

> Sorry, I like upping my unix command game. It comes in handy at work.

Don't be sorry, learning new skills, or improving skills is always good

OJB Posted December 23, 2009

Thanks Andy, that is awesome. Much appreciated. This may well come in handy at work and home.

kcraighead (Author) Posted December 24, 2009

Is there a way to search all of the directories but to miss one directory out (I have a cache directory that is always being updated so I am emailed every 4 hours with changes that are not important)?

TCH-Dick Posted December 24, 2009

> Is there a way to search all of the directories but to miss one directory out (I have a cache directory that is always being updated so I am emailed every 4 hours with changes that are not important)?

Yes this can be done, just use the following:

    find /home/your_cpanel_user/public_html ! -wholename '*/cache/*' -type f -mmin -240 -print0 | xargs -0 -r ls -l

I also changed it a bit to deal with file names that have spaces.

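
Added example, not part of any post in this thread: the cron one-liners above key on modification time, so they do not report deleted files or files whose timestamp has been set back. This script compares SHA-256 hashes against a stored baseline instead, keeping the same cache exclusion and the print-nothing-when-unchanged behaviour that keeps cron from mailing; the function names, the baseline file argument and the use of sha256sum are assumptions.

```shell
#!/bin/bash
# Added example (not from the thread): hash-baseline variant of the cron job.
# Assumed/hypothetical: fim_snapshot, fim_report, the baseline file, sha256sum.

# Print "hash  path" for every regular file under $1, skipping */cache/*.
fim_snapshot() {
    find "$1" ! -wholename '*/cache/*' -type f -print0 | xargs -0 -r sha256sum
}

# Compare the tree at $1 with the manifest in $2, print one line per added,
# modified or removed file, then save the new manifest as the baseline.
# Prints nothing when nothing changed (or on the first run), so cron stays quiet.
fim_report() {
    fim_new=$(mktemp) || return 1
    fim_snapshot "$1" > "$fim_new"
    if [ -f "$2" ]; then
        awk '
            # sha256sum prints 64 hex digits, two separator characters, then the path
            { hash = $1; path = substr($0, 67) }
            FILENAME == ARGV[1] { old[path] = hash; next }
            !(path in old)      { print "ADDED    " path; next }
            old[path] != hash   { print "MODIFIED " path }
            { delete old[path] }
            END { for (p in old) print "REMOVED  " p }
        ' "$2" "$fim_new"
    fi
    mv "$fim_new" "$2"
}

# Stand-alone use: fim.sh <directory> <baseline-file>
if [ "$#" -eq 2 ]; then
    fim_report "$1" "$2"
fi
```

Keep the baseline file outside public_html so it is neither served nor hashed. File names containing a backslash or newline are escaped by sha256sum and would shift the path offset used in the awk step.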