Date: Thu, 19 Apr 2001 12:04:44 -0400
From: Paul Halliday <dp@penix.org>
To: hackers@freebsd.org
Subject: Re: Dilemma.
Message-ID: <3ADF0C9C.FC7E6891@penix.org>
References: <Pine.LNX.4.10.10104191023390.17566-100000@titan.communitech.net>
Troy Corbin wrote:
>
> will your monitoring script be publicly available?
>
> -troy

heh.. I doubt anyone would want it when it is complete. I have attached what
I have so far, which isn't much. You can see what it checks; I still need to
add the check for running processes.

Anyway, when this is all done the program will loop, checking certain things
every 5 min, 1 hour, 12 hours, and a full one every 24 hours. All logs will be
emailed to whatever address, and whenever there is a significant change
somewhere, ambiguous processes, logs etc. will be directed to the main
terminal. If unattended, and depending on the severity of the situation,
processes will be terminated (or, if valid yet drawing a lot of resources,
reniced), firewall rules may be added or modified, shells destroyed, and if
something is very serious (say a scenario such as: there has been a
compromise somewhere, it was dealt with, checks increase on that area, then
the same or similar occurs again and things are logged yet no action is taken
within a set number of minutes or whatever) the system will shut down to
single user mode etc. This of course only occurs when something REALLY goes
bad. The primary concern will be to make sure that all binaries are OK and
that the program itself is sane and receiving the proper information.

Before you laugh, this is just an at-home type of thing. Something like that.

--
Paul Halliday
============================================================================
Don't underestimate the power of stupid people in large groups.
Web: http://dp.penix.org
Current Project: http://www3.sympatico.ca/transmogrify/cl.html
Public Key available here: http://dp.penix.org/dp.txt
============================================================================

Content-Disposition: inline; filename="spike"

#!/usr/local/bin/bash
# Let's begin..
# Initial system check. Take some records. What will we watch? For now let's
# examine filesystem structure and sizes and monitor memory and CPU usage. We
# will also determine how many users there are, what terminal they are on, and
# what they are up to. Note: this is designed for smaller system setups.
# Most of the checks that are performed will take far too much time and
# resources to be practical on larger systems, i.e. RAID arrays, terabytes of
# disk space etc.
#
# Every snapshot is written to the current directory, made mode 600 and then
# marked immutable with chflags(1) schg, so the script must run as root. Once
# schg is set the file cannot be overwritten, and at securelevel >= 1 not even
# root can clear the flag, so a second run refuses to start if a snapshot is
# already present rather than failing halfway through.
#---------------------------------------#
_clean_up ()
{
    echo
    echo 'Caught SIGnal.. Exiting cleanly..'
    echo
    # add stuff in here to cleanup working dirs.
    exit 1
}
# Named signals instead of numbers: the original list also had 17, which is
# SIGSTOP on FreeBSD and cannot be caught.
trap _clean_up HUP INT QUIT TERM
#----------------------------------------#
# Refuse to clobber an earlier (immutable) snapshot.
_guard_existing ()
{
    for f in spike.init spike.user spike.dcm; do
        if [ -e "$f" ]; then
            echo "$f already exists; run 'chflags noschg $f' and remove it first."
            exit 1
        fi
    done
}
#----------------------------------------#
# Write the "##### Archived: <date> #####" banner that heads every snapshot.
_banner ()
{
    echo "##### Archived: $(/bin/date) #####" > "$1"
}
# Lock a finished snapshot down: owner-only, then immutable.
_seal ()
{
    chmod 600 "$1"
    chflags schg "$1"
}
#----------------------------------------#
_init_state ()
{
    echo
    echo "[ spike v.01b ]"
    echo
    echo "The first time this program is run it must acquire a fingerprint"
    echo "of the filesystem; this process will take about 5-10 minutes."
    echo "A full system fingerprint like this will be taken once every"
    echo -n "24 hours. "
    check=1
    while [ "$check" = 1 ]; do
        echo -n "Do you wish to continue? [y/n]: "
        read -r comply
        case $comply in
            [Nn]) echo Quit!; exit 1;;
            [Yy]) check=2;;
            *) echo; echo "-- Invalid entry! --"; echo;;
        esac
    done
    echo
    echo -n "=> checking filesystem.. "
    _banner spike.init
    # -a all entries, -l long, -i inode, -T full timestamps, -R recursive:
    # a plain-text baseline of names, sizes, modes, owners and mtimes.
    /bin/ls -aliTR / >> spike.init
    _seal spike.init
    echo "done!"
}
#----------------------------------------#
_usr_state ()
{
    echo -n "=> collecting user base.. "
    _banner spike.user
    /usr/bin/who >> spike.user
    _seal spike.user
    echo "done!"
}
#----------------------------------------#
_disk_state ()
{
    echo -n "=> collecting HD, CPU and memory usage.. "
    _banner spike.dcm
    # The original parsed "uptime | awk '{print $10}'", but that field index
    # moves with the number of logged-in users and the uptime format;
    # vm.loadavg gives the three load averages directly.
    echo "Load: $(/sbin/sysctl -n vm.loadavg)" >> spike.dcm
    # Three displays with zero processes, keeping only the CPU/memory/swap
    # summary lines of the last display. The line numbers depend on top's
    # header layout, so re-check them after any top(1) upgrade.
    /usr/bin/top -d 3 0 | sed -n 18,20p >> spike.dcm
    /bin/df -h >> spike.dcm
    _seal spike.dcm
    echo "done!"
}
#--------------------------------------#
# Time to begin with the checks. We will work hierarchically following that
# which we have covered so far. This will be a continuous loop until main
# is called again or until we reach an alert state.
#_check_state ()
#{
#    last_date=
#}
#_spike_released
_guard_existing
_init_state
_usr_state
_disk_state
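The baseline-then-compare step that the message describes (snapshot the filesystem, later check that the binaries are still OK), as an added example; this is not part of Paul's attachment and not FreeBSD code. It is a POSIX sh fingerprint that records a SHA-256 digest per regular file and reports ADDED, MODIFIED and REMOVED paths between two snapshots. Assumptions: sha256sum (GNU) or sha256 (FreeBSD) is on PATH, the sample tree is constructed inside the script, and the names spike_fingerprint, spike_compare and spike_demo are mine.

```shell
#!/bin/sh
# Added example, not from the original post: content fingerprint with
# baseline comparison. Assumes sha256sum (GNU) or sha256 (FreeBSD) on PATH.
set -eu

# _hash_file FILE -> prints the SHA-256 hex digest of FILE.
_hash_file() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        sha256 -q "$1"
    fi
}

# spike_fingerprint DIR OUTFILE
# Writes one "digest<TAB>relative-path" line per regular file under DIR,
# sorted by path so two fingerprints of the same tree compare line for line.
# Tab is used as the separator so paths containing spaces survive.
spike_fingerprint() {
    fp_dir=$1
    fp_out=$2
    : > "$fp_out"
    ( cd "$fp_dir" && find . -type f | sort ) | while IFS= read -r fp_path; do
        printf '%s\t%s\n' "$(_hash_file "$fp_dir/$fp_path")" "$fp_path" >> "$fp_out"
    done
    chmod 600 "$fp_out"
}

# spike_compare BASELINE CURRENT
# Prints one sorted line per difference: ADDED (only in CURRENT),
# MODIFIED (digest changed) or REMOVED (only in BASELINE).
spike_compare() {
    awk -F'\t' '
        FILENAME == ARGV[1] { base[$2] = $1; next }
        {
            seen[$2] = 1
            if (!($2 in base))       print "ADDED " $2
            else if (base[$2] != $1) print "MODIFIED " $2
        }
        END { for (p in base) if (!(p in seen)) print "REMOVED " p }
    ' "$1" "$2" | sort
}

# spike_demo: builds a constructed sample tree, snapshots it, tampers with it
# (one binary rewritten, one file added, one removed) and prints the report.
spike_demo() {
    demo_tmp=$(mktemp -d)
    mkdir -p "$demo_tmp/tree/bin"
    printf 'original\n'  > "$demo_tmp/tree/bin/ls"
    printf 'keep me\n'   > "$demo_tmp/tree/bin/who"
    printf 'remove me\n' > "$demo_tmp/tree/old"
    spike_fingerprint "$demo_tmp/tree" "$demo_tmp/base.fp"

    # Simulated tampering: same name and size for bin/ls, new file, deletion.
    printf 'trojaned\n' > "$demo_tmp/tree/bin/ls"
    printf 'new\n'      > "$demo_tmp/tree/bin/rootkit"
    rm "$demo_tmp/tree/old"
    spike_fingerprint "$demo_tmp/tree" "$demo_tmp/cur.fp"

    spike_compare "$demo_tmp/base.fp" "$demo_tmp/cur.fp"
    rm -rf "$demo_tmp"
}

spike_demo
```

Two caveats a deployment of this would have to deal with: the baseline only proves anything if an intruder cannot rewrite it, which is what the `chflags schg` in spike is for (an offline copy is better still), and the digests are computed with the host's own find, awk and sha256 binaries, so a tampered toolchain can lie to the checker. Note also what each approach misses: `ls -aliTR` records size, mode, owner and mtime but not contents, so a binary swapped for one of equal size with a restored mtime is invisible to it, while this example catches that but in turn ignores mode and owner changes.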