Bash script to detect suspicious new and changed files in the last 3 hours. Skips cache directories.
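#!/bin/bash
# newfiles
# Detects new and changed php and html files last xxx minutes
# (C) 2014 Rene Kreijveld, enail [at] renekreijveld [dot] nl
# Update 31-12-2013: only send email when changes are found
# Update 04-02-2014: check for new files last three hours
# Update 05-05-2014: check for new html files also
# Update 07-05-2014: filter out ju_chached and DirectAdmin stats folders in html files
# Update 04-06-2014: added DURATION, SUBJECT_PREFIX, SCRIPT_FULLNAME and SENDNOTFOUND variables.
# added option to send email of nothing found
# All these improvements by Christophe Avonture
# Update 08-09-2016: Add more file types and delete not relevant filters
# Save this file as /usr/local/sbin/newfiles
# Modify the EMAIL variable to reflect your email address.
# Modify the HOMEDIR and TMPDIR variables to your needs.
#
# Then add to your local cron to run every 3 hours:
# 5 0,3,6,9,12,15,18,21 * * * /usr/local/sbin/newfiles
#
# Review notes:
# - The interpreter is bash, not sh: the script reads ${BASH_SOURCE[0]}, which
#   a plain POSIX /bin/sh (e.g. dash) rejects.
# - Report files live in a private mktemp directory. The script is meant to run
#   from cron out of /usr/local/sbin, and fixed names in a world-writable /tmp
#   would let any local user pre-create them (for example as symlinks).
# - Coverage limits to keep in mind when relying on the report:
#     * -mmin compares the modification time, which the writer of a file can
#       set freely; treat this as a tripwire that complements file-integrity
#       monitoring rather than replacing it.
#     * html/css/js results are dropped when the listing line contains
#       "cache" anywhere, so changes under such paths are never reported.
#     * Only the listed extensions are checked.

# Abort on use of an unset variable. 'set -e' is deliberately not used: find
# may exit non-zero on unreadable directories and 'grep -v' exits 1 when it
# prints nothing; neither should stop the scan.
set -u

# Setup variables
SERVER="$(hostname)"
EMAIL="you@yourmail.com"
TMPDIR=/tmp
HOMEDIR=/home

# 180 minutes -> find any files that have been changed during the last 3 hours
DURATION=180

# Extra subject prefix for the email message
SUBJECT_PREFIX="File monitoring agent - server $SERVER - $(date) "

# Retrieve the name of this script
SCRIPT_FULLNAME="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)/$(basename "${BASH_SOURCE[0]}")"

# Send email if no new files were found? Enter value "yes" or "no"
SENDNOTFOUND=no

# Find mail client
MAIL=
if [ -s /bin/mail ]; then
  MAIL=/bin/mail
elif [ -s /usr/bin/mail ]; then
  MAIL=/usr/bin/mail
fi

# Without a mail client the report cannot be delivered; fail loudly instead of
# trying to execute an empty command name and losing the findings.
if [ -z "$MAIL" ]; then
  echo "newfiles: no mail client found at /bin/mail or /usr/bin/mail" >&2
  exit 1
fi

# Private working directory (mode 0700, unpredictable name) for report files.
WORKDIR="$(mktemp -d "$TMPDIR/newfiles.XXXXXX")" || {
  echo "newfiles: cannot create working directory under $TMPDIR" >&2
  exit 1
}
# Cleanup temporary files on every exit path
trap 'rm -rf -- "${WORKDIR:?}"' EXIT

EMAILMSG="$WORKDIR/new_changed.txt"
CHANGES="$WORKDIR/new_changes.txt"

#######################################
# Lists regular files modified within the last DURATION minutes.
# Globals:   DURATION (read)
# Arguments: $1 - directory to search
#            $2 - case-insensitive file name pattern, e.g. "*.php"
# Outputs:   'ls -l' lines for matching files on stdout
#######################################
list_recent() {
  find "$1" -type f -mmin "-$DURATION" -iname "$2" -exec ls -l {} +
}

# Find all changed .php files last 3 hours (no path filter is applied)
list_recent "$HOMEDIR" "*.php" > "$CHANGES"

# Find all changed .html files last 3 hours, skipping lines containing "cache"
list_recent "$HOMEDIR" "*.html" | grep -v cache >> "$CHANGES"

# Find all changed .css files last 3 hours, skipping lines containing "cache"
list_recent "$HOMEDIR" "*.css" | grep -v cache >> "$CHANGES"

# Find all changed .js files last 3 hours, skipping lines containing "cache"
list_recent "$HOMEDIR" "*.js" | grep -v cache >> "$CHANGES"

# Find all changed .sh files last 3 hours
list_recent "$HOMEDIR" "*.sh" >> "$CHANGES"

# Find all changed .php files last 3 hours in the temp directory
list_recent "$TMPDIR" "*.php" >> "$CHANGES"

# Only if changes are found, send email
if [ -s "$CHANGES" ]; then
  {
    echo "$SUBJECT_PREFIX"
    echo "New and changed files last 3 hours server $SERVER"
    echo "================================================================================"
    cat "$CHANGES"
  } > "$EMAILMSG"
  "$MAIL" -s "New/changed files on $SERVER" "$EMAIL" < "$EMAILMSG"
elif [ "$SENDNOTFOUND" = "yes" ]; then
  {
    echo "$SUBJECT_PREFIX"
    echo "No changes found during the last $DURATION minutes"
    echo "List generated by $SCRIPT_FULLNAME"
  } > "$EMAILMSG"
  cat "$EMAILMSG"
  "$MAIL" -s "$SUBJECT_PREFIX - No changes found" "$EMAIL" < "$EMAILMSG"
fi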