Monitoring /tmp and /var/tmp for suspicious activity


 
# 1  
Old 12-26-2003

Hello,

Does anyone have a script that can check the contents of the /tmp directory and, for example, e-mail the directory content if anything other than session files is present?

Maybe there are better ways to monitor suspicious /tmp and /var/tmp activity; if so, I'm listening.
# 2  
Old 12-26-2003
I could think of this simple method

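# Baseline: number of lines ls prints for both directories
i=$(ls -1 /tmp /var/tmp | wc -l)

# Poll once a second; stop as soon as the count rises above the baseline
while true
do
    sleep 1
    j=$(ls -1 /tmp /var/tmp | wc -l)
    # Unquoted on purpose: some wc implementations pad the number with blanks
    if [ $j -gt $i ]
    then
        echo "A new file has been created"
        exit 1
    fi
done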


Regards
JK
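
Added example, not part of either post above: a name-based variant of the check that reports anything other than session files, includes dotfiles, and compares against a saved snapshot so a file created while another is deleted is still noticed. It assumes session files are named `sess_*`; the script name `tmpmon.sh`, the `STATE_FILE` path and the `MAILTO` recipient are hypothetical, and a working `mail` command is assumed.

```shell
#!/bin/sh
# Added example, not from the thread. Assumption: "session files" are named
# sess_* (PHP's default naming); change ALLOW_PATTERN to suit your system.
ALLOW_PATTERN='sess_*'

# list_unexpected DIR...
# Print every entry directly under each DIR (dotfiles included) whose name
# does not match ALLOW_PATTERN. A name containing a newline spans two lines.
list_unexpected() (
    for dir in "$@"; do
        for path in "$dir"/* "$dir"/.[!.]* "$dir"/..?*; do
            # Unmatched globs stay literal, so skip paths that do not exist;
            # -L keeps dangling symlinks in the report.
            [ -e "$path" ] || [ -L "$path" ] || continue
            case "${path##*/}" in
                $ALLOW_PATTERN) ;;
                *) printf '%s\n' "$path" ;;
            esac
        done
    done
)

# new_since_baseline STATE_FILE DIR...
# Print unexpected entries absent from the previous snapshot, then save the
# current snapshot. Comparing names (not counts) still catches a file that
# appears while another is deleted. Keep STATE_FILE outside /tmp and /var/tmp
# so that local users cannot edit the baseline.
new_since_baseline() (
    state=$1; shift
    list_unexpected "$@" | sort > "$state.new"
    [ -f "$state" ] || : > "$state"
    comm -13 "$state" "$state.new"   # lines only in the new snapshot
    mv "$state.new" "$state"
)

# Cron entry point, e.g. `tmpmon.sh /tmp /var/tmp` (hypothetical script name).
# STATE_FILE and MAILTO are hypothetical defaults; mail(1) must be configured.
if [ "$#" -gt 0 ]; then
    report=$(new_since_baseline "${STATE_FILE:-/var/lib/tmpmon/seen}" "$@")
    [ -z "$report" ] || printf '%s\n' "$report" | mail -s "New files: $*" "${MAILTO:-root}"
fi
```

The first run reports every non-session entry because no snapshot exists yet; later runs report only names that were not in the previous snapshot.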
 