Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: monitoring /tmp and /var/tmp for suspicous activity
Top Forums UNIX for Dummies Questions & Answers monitoring /tmp and /var/tmp for suspicous activity Post 45620 by jayakhanna on Friday 26th of December 2003 06:59:54 AM
Old 12-26-2003
I could think of this simple method

i=`ls -1 /tmp /var/tmp | wc -l`

while [ true ]
do
sleep 1
j=`ls -1 /tmp /var/tmp | wc -l`
if [ $j -gt $i ]
then
echo "A new file has been created"
exit 1
fi
done


Regards
JK
 

10 More Discussions You Might Find Interesting

1. UNIX for Advanced & Expert Users

Process responsible for filling up /var/tmp

Hi, Help ! - I have a process which I cannot find that is writing to /var/tmp every 10 minutes and filling up my partition, it is also filling up my wtmpx file. I have some software error correction for a faulty DIMM at the moment - is this likely to be causing this as well as over-loading my... (3 Replies)
Discussion started by: Mal
3 Replies

2. UNIX for Dummies Questions & Answers

/tmp is missing ????

Hi, When I type mail command i get the following error : /tmp/Rx7678 : No such file or directory If I try to use the man, i also get an error related to /tmp. I looked at my other servers and found this /tmp file, looked inside it and found that it has some files related to... (1 Reply)
Discussion started by: BAM
1 Replies

3. UNIX for Dummies Questions & Answers

default permission of /var/tmp in AIX

I'm getting an error when trying to vi my .profile. This is the first time I've logged onto this machine and apparently its rarely logged into. I'm assuming from the error that it's a permissions problem in the /var/tmp directory. Can anyone assist? $ uname -a AIX machine 1 5 000D96BF4C00 $... (3 Replies)
Discussion started by: dangral
3 Replies

4. Solaris

Usage of /var/tmp/ directory on Solaris 10

Hi All, I have some threaded applications. Design of the application is such that one thread will decode some data and put it in data structure, And main thread will wait for another child threads pick up the decoded data. The data will be large decoded files. Once decoded data is picked by... (1 Reply)
Discussion started by: patilmuragesh
1 Replies

5. Solaris

permission of /var/tmp

what's the impact if I change /var/tmp's permission into 750? (7 Replies)
Discussion started by: a2156z
7 Replies

6. Solaris

cannot cd /tmp.

Hi All, There's a /tmp. folder on my solaris 9. I can't cd on it bash-2.05# uname -a SunOS cads105ctce 5.9 Generic_122300-30 sun4u sparc SUNW,Sun-Fire-V890 bash-2.05# cd /tmp. bash: cd: /tmp.: No such file or directory bash-2.05# ls -la /tmp. /tmp.: No such file or directory ... (5 Replies)
Discussion started by: itik
5 Replies

7. Linux

/var/tmp/slapd.log.swp delete?

Hi All, Can I delete the above file? It's big, about 1G. It's on a redhat ent 4 with ldap on it. Is that safe to delete? It wasn't been used for already a month and it's in the backup storage. Thanks for any comment you may add. (1 Reply)
Discussion started by: itik
1 Replies

8. Solaris

urgent: single-user-mode, /var/tmp read-only

this is the situation: Power outage. Root mirror (svm). it goes to single-user-mode, asking for fsck. Fsck suceeds for one disk, but fail for the other. I can't use vi-editor, it says /var/tmp/Xz12a is a read-only file system. I need to break the mirror, there's no copy of... (2 Replies)
Discussion started by: Sun Fire
2 Replies

9. Red Hat

[Errno 22] invalid mode ('w') or filename: '//var/lib/yum/rpmdb-indexes/conflicts.tmp'

Can anyone help me with this error? sudo yum install perl-Gtk2-WebKit Loaded plugins: langpacks, presto, refresh-packagekit, versionlock Setting up Install Process Resolving Dependencies --> Running transaction check ---> Package perl-Gtk2-WebKit.i686 0:0.09-1.fc15 will be installed -->... (0 Replies)
Discussion started by: cokedude
0 Replies

10. HP-UX

Problems after deleting /var/tmp

Hi, To clear up the filesystem, I archived /var/tmp (forgot that this directory was important for crontab), and then deleted the directory itself. After that there were problems like crontab not accessible, certain ftp commands like mget not functioning, and worst there were some scripts which... (4 Replies)
Discussion started by: anaigini45
4 Replies

LEARN ABOUT SUSE

faxcron

FAXCRON(8C)															       FAXCRON(8C)

NAME

       faxcron - HylaFAX routine maintenance script

SYNOPSIS

       /usr/sbin/faxcron [ -n ] [ -l lastrun ]

DESCRIPTION

       faxcron	is  a  command	script	that  does  routine upkeep tasks in a HylaFAX spooling directory hierarchy.  This script is intended to be
       invoked from cron(8C) on behalf of the fax user (often the ``fax'' user is uucp) once a day, with the standard output sent by mail  to  the
       HylaFAX administrator.  For example, the following crontab might be set up for the fax user:
	 25   23    *	 *    *   sh /usr/sbin/faxcron | mail FaxMaster

       The faxcron script does the following work:

       o  report statistics for facsimile transmitted since the last time faxcron was run.

       o  report statistics for facsimile transmitted in the past week.

       o  report statistics for facsimile received since the last time faxcron was run.

       o  report statistics for facsimile received in the past week.

       o  report any recent calls that failed suspiciously and return the associated trace log;

       o  purge data that is 30 days or older from the remote machine information directory;

       o  delete information that is 30 days or older from session trace log files;

       o  remove files from the tmp directory that are older than 1 day;

       o  remove files in the received facsimile queue that are 7 days or older;

       o  report sites that are currently having jobs rejected; and

       o  force all session log files to be owned by the fax user and kept with protection mode 644.

OPTIONS

       -n	 Forces faxcron to run without updating any files.

       -l lastrun
		 Forces  the  notion  of  the last time that faxcron was run to be lastrun.  The value of lastrun is a date and time string of the
		 form ``MM/DD/YY HH:MM'' (the date(1) format string ``%D %H:%M'').

       -info n	 Set the expiration time for data in the info database to be n days.

       -log n	 Set the expiration time for session log data to be n days.

       -rcv n	 Set the expiration time for files in the received facsimile queue to be n days.

       -tmp n	 Set the expiration time for files in the tmp directory to be n days.

       -mode m	 Set the file protection mode for session logs to m (a command line argument to chmod(1)).

NOTES

       This script requires nawk(1) or gawk(1) and a date(1) program that supports the ``+format'' option.

       If session logs are to be kept private this script must be modified to filter out sensitive information such as calling card numbers.   (It
       should also be run with ``-mode 0600'' so that session log files are not publicly readable.)

FILES

       /var/spool/fax			  spooling area
       /var/spool/fax/etc/lastrun	  timestamp of last run
       /usr/sbin/xferfaxstats		  for generating transmit statistics
       /usr/sbin/recvstats		  for generating receive statistics
       /var/spool/fax/tmp/faxcronXXXX	  temporary file for truncating session logs
       /var/spool/fax/tmp/faxlogXXXX	  temporary file for logs of failed calls

SEE ALSO

       cron(8C), faxq(8C), faxgetty(8C), faxsend(8C), xferfaxstats(8C), recvstats(8C), hylafax-server(5F)

								   May 12, 1996 						       FAXCRON(8C)
All times are GMT -4. The time now is 05:45 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy