A simple intrusion detection script
Post 302294996 by otheus on Friday 6th of March 2009 09:45:05 AM (Shell Programming and Scripting)

If you have a very static Linux server and you want to make sure it's not messed with, here's a simple script that will tell you if any files have been tampered with. It's not as fancy or as secure as tripwire or those others, but it is very simple. It can be easily adapted to any *NIX OS.

Code:
#!/bin/sh
## How often to run (in seconds)
PERIOD=3600

## Any files or directories that always change, add here:
EXCLUDE="/proc/ /sys/ /dev/ /var/log /var/run/ /var/lock/ /var/cache/ /var/tmp/ /tmp/ /var/lib/ldap/"
EXCLUDE="$EXCLUDE /var/spool/ /etc/prelink.cache /etc/ld.so.cache /var/lib/logrotate.status /var/lib/slocate/"
EXCLUDE="$EXCLUDE /.*\.viminfo /var/lib/md5sigs"

## Signature database (listed in EXCLUDE above so it is not scanned itself)
SIGS=/var/lib/md5sigs
TEMP=/tmp/sigs-$$

## Database and temp files must not be readable by other users
umask 077

while true; do 

# calculate md5sum of all files not in EXCLUDE
# (the space-separated list becomes one anchored alternation regex)
exclude_re=`echo "^("$EXCLUDE")" | sed 's/  */|/g'`
find / -type f -print 2>/dev/null |
        grep -Ev "$exclude_re" |
        LC_ALL=C sort |
        xargs md5sum 2>/dev/null  >"$TEMP"

# Compare against existing database (or use this one for new database)
# (the original tested /root/.md5sigs here, which never matched $SIGS,
#  so the database was rewritten every run and nothing was ever reported;
#  the no-op -h flag was also dropped from diff)
if test -f "$SIGS" ;then
        diff -w "$SIGS" "$TEMP"  >"$TEMP.diff"
        if [ -s "$TEMP.diff" ]; then
           mail -s "File scan Report" root <"$TEMP.diff"
           exit 1
        fi
        rm -f "$TEMP" "$TEMP.diff"
else
        mv "$TEMP" "$SIGS"
        echo "No prior existing report."
fi

sleep $PERIOD
done

# Copyright 2009 by Otheus, licensed under GNU v2 Public License


Last edited by otheus; 04-15-2009 at 06:11 AM. Reason: added umask setting per follow-up posts
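The same baseline-then-compare idea, as an added example rather than otheus's script, with three changes a defender would want: SHA-256 instead of MD5, file names containing spaces survive (no xargs word splitting), and the report says what was ADDED, REMOVED or CHANGED instead of mailing a raw diff. The function names and the exclusion-regex format are assumptions of this example.

```shell
#!/bin/sh
# Added example, not otheus's script. Function names, the exclusion regex
# format and the ADDED/REMOVED/CHANGED report format are assumptions.

# scan_tree DIR EXCLUDE_RE -> sorted "hash  path" lines on stdout.
# EXCLUDE_RE is an extended regex anchored at the start of each path,
# e.g. "/proc/|/sys/|/var/log/"; it must not be empty.
scan_tree() {
    find "$1" -type f -exec sha256sum {} + 2>/dev/null |
        grep -Ev "^[0-9a-f]{64}  ($2)" |
        LC_ALL=C sort -k 2
}

# compare_baseline BASELINE CURRENT -> "ADDED|REMOVED|CHANGED <path>" lines.
# sha256sum prints 64 hex chars, two spaces, then the path from column 67,
# so substr() is used instead of whitespace field splitting (a name with a
# newline or backslash is still escaped by sha256sum and would be misread).
compare_baseline() {
    awk '{ h = substr($0, 1, 64); p = substr($0, 67)
           if (base) old[p] = h; else cur[p] = h }
         END {
             for (p in old) if (!(p in cur)) print "REMOVED " p
             for (p in cur) {
                 if (!(p in old))           print "ADDED " p
                 else if (cur[p] != old[p]) print "CHANGED " p
             }
         }' base=1 "$1" base=0 "$2" | LC_ALL=C sort
}

# check_tree DIR EXCLUDE_RE BASELINE: first run writes BASELINE and returns 0;
# later runs print the differences and return 1 if there are any, else 0.
check_tree() {
    dir=$1; exclude_re=$2; baseline=$3
    umask 077                      # baseline and temp file: owner-only
    current=$(mktemp) || return 2
    scan_tree "$dir" "$exclude_re" > "$current"
    if [ ! -f "$baseline" ]; then
        mv "$current" "$baseline"
        echo "No prior baseline; wrote $baseline"
        return 0
    fi
    report=$(compare_baseline "$baseline" "$current")
    rm -f "$current"
    if [ -n "$report" ]; then
        printf '%s\n' "$report"
        return 1
    fi
}
```

In the original loop this replaces the find/md5sum/diff steps: `check_tree / "$exclude_re" /var/lib/sha256sigs || mail -s "File scan Report" root` (paths and mail command as in the post).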
 
