Checks the process list every 5 seconds for a new process. If it finds one, sends an email.

process_monitor.sh

#!/bin/bash

MASTER_PROCESS_FILE=/tmp/master_process_list.out
OUT_FILE=/tmp/process_list.out
SLEEP_TIME=5s
RECIPIENTS=me@nobody.com

ps -wweo pid,euser,ruser,suser,fuser,comm,args | grep -v "ps -wweo pid,euser,ruser,suser,fuser,comm,args" | grep -v `basename $0` > ${MASTER_PROCESS_FILE}

while true; do
    ps -wweo pid,euser,ruser,suser,fuser,comm,args | grep -v "ps -wweo pid,euser,ruser,suser,fuser,comm,args" | grep -v `basename $0` > ${OUT_FILE}
    new_procs=`comm -13 ${MASTER_PROCESS_FILE} ${OUT_FILE}`
    DATE=`date`
    if [ -n "${new_procs}" ]; then
        ps_header=`ps -wweo pid,euser,ruser,suser,fuser,comm,args | head -1`
        echo "${DATE} - New processes!"
        echo "${ps_header}"
        echo "${new_procs}"

        host=`hostname`
        echo "<html><body><pre>${ps_header}
${new_procs}</pre></body></html>" | mail -s "$(echo -e "New process on ${host}\nContent-Type: text/html")" "${RECIPIENTS}"
        sleep 20s  # give mail a chance to clean up
    else
        echo "${DATE} - No new processes"
    fi

    mv ${OUT_FILE} ${MASTER_PROCESS_FILE}

    sleep ${SLEEP_TIME}
done