
shell 文件審計

shell

#!/bin/bash

####################

#Data:2017/7/19

####################

#set -x

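# Directory tree to audit. Everything below it is treated as untrusted input.
INIT_PATH="/home/test/share"

# Working directory that receives the generated lists and the error log.
FILE_DIR="/tyk"

# Allowed first words of plain `file` output for the directory list
# (compared in file_check).
# NOTE(review): "reguar" looks like a typo for "regular"; it is kept as-is
# because the value is matched at runtime.
FILE_TYPE=(reguar directory character block link socket pipe symbolic )

# Allowed MIME types, as printed by `file -i`, for everything that is not a
# directory. application/zip is unpacked by file_package but is not listed
# here, so zip archives are still reported.
FILE_MAGIC=(text/plain inode/chardevice inode/symlink application/rtf audio/basic video/mpeg application/x-gzip application/x-tar inode/x-empty text/x-c application/x-javascript)

# Alert recipients. PLACEHOLDER: the address was redacted on the page this
# script was copied from; set the real recipient(s) before use.
EMAIL=( "audit-alerts@example.com" )

# Not referenced by the rest of the visible script.
FILE_SUF=(tar tar.gz)

FILE_TMPD="$FILE_DIR/file_tmpd"
FILE_LIST="$FILE_DIR/file_list"
FILE_LISTD="$FILE_DIR/file_listd"
FILE_LOG="$FILE_DIR/fileerror_log"

# Fail early with a clear message instead of failing on every later write.
if ! mkdir -p -- "$FILE_DIR" 2>/dev/null || [ ! -w "$FILE_DIR" ]; then
  printf 'error: working directory %s is missing or not writable\n' "$FILE_DIR" >&2
  exit 1
fi

# Check every dependency on its own. A single combined grep over `dpkg -l`
# reports success as soon as one package matches, which hides the missing ones.
# NOTE(review): nfs-common and rsync are installed but not used by the visible
# script, and installing at start-up needs sudo rights for apt-get. Consider
# provisioning the packages separately and only verifying them here.
missing_pkgs=()
for pkg in sendmail mailutils nfs-common rsync inotify-tools; do
  if ! dpkg-query -W -f='${Status}' "$pkg" 2>/dev/null \
    | grep -q 'install ok installed'; then
    missing_pkgs+=("$pkg")
  fi
done

if [ "${#missing_pkgs[@]}" -gt 0 ]; then
  sudo apt-get install -y "${missing_pkgs[@]}"
fi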

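#######################################
# Unpacks one archive from the audited tree into "<dir>/tmp".
# The archive is untrusted input: its size and member names are not checked
# here, so the target file system should have a quota or be disposable.
# NOTE(review): "<dir>/tmp" lies inside the tree that file_view watches, so
# unpacking raises new create events there; confirm that is intended.
# Arguments:
#   $1 - MIME type reported by `file` for the entry
#   $2 - directory that holds the entry
#   $3 - entry name inside $2 (falls back to the caller's $file if omitted)
# Returns:
#   0 for non-archive types, otherwise the status of the unpack tool;
#   1 if the name is empty or the target directory cannot be created
#######################################
file_package() {
  local mime=$1
  local dir=$2
  local name=${3:-${file:-}}
  local dest="$dir/tmp"

  # Only archive types need a target directory; everything else is a no-op.
  case "$mime" in
    application/x-tar | application/x-gzip | application/zip) ;;
    *) return 0 ;;
  esac

  [ -n "$name" ] || return 1
  # Create the directory that is actually used as the extraction target
  # (a bare "mkdir tmp" would land in the current working directory).
  mkdir -p -- "$dest" || return 1

  case "$mime" in
    application/x-tar)
      # Do not restore owner or mode bits recorded inside an untrusted archive.
      tar -xvf "$dir/$name" -C "$dest" --no-same-owner --no-same-permissions
      ;;
    application/x-gzip)
      # Decompress the entry itself into tmp and leave the original in place.
      gunzip -c -- "$dir/$name" > "$dest/${name%.gz}"
      ;;
    application/zip)
      # -o: never prompt, so unzip cannot block on or consume stdin.
      unzip -o "$dir/$name" -d "$dest"
      ;;
  esac
}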


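#######################################
# Walks a directory tree and records what it finds.
# Directories are appended to FILE_TMPD; for every other entry the
# `file -i` line is appended to FILE_LIST and the entry is handed to
# file_package. Dotfiles are skipped, as with plain `ls`.
# Entry names come from the audited share and are untrusted, so they are
# never word-split, globbed, or allowed to be read as command options.
# NOTE(review): the lists are line-based; a name containing a newline still
# produces more than one line in them.
# Globals:   FILE_TMPD, FILE_LIST (appended to)
# Arguments: $1 - directory to scan
#######################################
read_dir() {
  local dir=$1
  # "file" stays visible to file_package through dynamic scoping, which an
  # implementation that reads $file instead of its third argument relies on.
  local path file file_T

  for path in "$dir"/*; do
    # An unmatched glob stays literal; skip it, but keep dangling symlinks.
    [ -e "$path" ] || [ -L "$path" ] || continue
    file=${path##*/}

    # Do not descend through symlinks: a link back into the tree would
    # recurse without end, and a link out of it would widen the audit scope.
    if [ -d "$path" ] && [ ! -L "$path" ]; then
      printf '%s\n' "$path" >> "$FILE_TMPD"
      read_dir "$path"
    else
      file -i -- "$path" >> "$FILE_LIST"
      # Ask for the bare MIME type rather than cutting it out of a line that
      # also holds the (possibly space-containing) path.
      file_T=$(file -b --mime-type -- "$path")
      file_package "$file_T" "$dir" "$file"
    fi
  done
}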

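#######################################
# Logs one unsupported-file finding and mails it to every recipient.
# The file name originates from the audited share, so control characters
# (including newlines) are replaced before it reaches the log or the mail
# body; otherwise a crafted name could forge extra log lines.
# NOTE(review): one mail is sent per finding and per recipient; a share with
# many unsupported files produces a matching number of mails.
# Globals:   FILE_LOG (appended to), EMAIL (read)
# Arguments: $1 - name of the offending file
#            $2 - running count of findings
#######################################
send_email() {
  local filename=${1//[[:cntrl:]]/?}
  local send_message="NIFO: $filename file type is not supported, Please check....,Thanks!!! -there are $2 files have a problem --"
  local recipient

  printf '%s %s \n' "$(date +'%Y-%m-%d %H:%M:%S')" "$send_message" >> "$FILE_LOG"

  for recipient in "${EMAIL[@]}"; do
    printf '%s\n' "$send_message" | mail -s "check file" "$recipient"
  done
}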

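#######################################
# Compares every line of a `file` listing against an allowlist and reports
# each entry whose type is not on it via send_email.
# A line has the form "<path>: <description>". The path is split off at the
# last ": " so that paths containing spaces are not mistaken for the type;
# the type is the first word of the description, cut at the first ';'.
# Arguments: $1 - listing file (output of `file -i` or `file -f`)
#            $2 - space-separated allowlist of types
# Outputs:   prints the allowlist to stdout
#######################################
file_check() {
  local list=$1
  local allowed=$2
  local flagged=0
  local line path desc kind candidate known
  local -a allow_list

  printf '%s\n' "$allowed"
  # Split the allowlist into words without exposing it to globbing.
  read -r -a allow_list <<< "$allowed"

  # Read the listing once on fd 3 so that commands run inside the loop
  # cannot consume it through stdin.
  while IFS= read -r line <&3 || [ -n "$line" ]; do
    [ -n "$line" ] || continue

    path=${line%: *}
    desc=${line#"$path"}
    desc=${desc#:}
    desc=${desc#"${desc%%[![:space:]]*}"}   # drop the padding after the colon
    kind=${desc%%[[:space:]]*}
    kind=${kind%%;*}

    known=0
    for candidate in "${allow_list[@]}"; do
      if [ "$kind" = "$candidate" ]; then
        known=1
        break
      fi
    done

    if [ "$known" -eq 0 ]; then
      flagged=$((flagged + 1))
      send_email "$path" "$flagged"
    fi
  done 3< "$list"
}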

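#######################################
# De-duplicates the two collected listings and checks each one against its
# allowlist: the directory listing against FILE_TYPE, the per-file MIME
# listing against FILE_MAGIC.
# Globals:   FILE_DIR, FILE_LISTD, FILE_LIST, FILE_TYPE, FILE_MAGIC (read)
# Outputs:   writes $FILE_DIR/file_dir and $FILE_DIR/file_doc
#######################################
send_info() {
  local file_dir="$FILE_DIR/file_dir"
  local file_doc="$FILE_DIR/file_doc"

  # Byte-wise ordering keeps the result independent of the caller's locale.
  LC_ALL=C sort -u -- "$FILE_LISTD" > "$file_dir"
  LC_ALL=C sort -u -- "$FILE_LIST" > "$file_doc"

  file_check "$file_dir" "${FILE_TYPE[*]}"
  file_check "$file_doc" "${FILE_MAGIC[*]}"
}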

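#######################################
# Watches INIT_PATH recursively and re-audits the whole tree on every
# create/modify/attrib/move event.
# NOTE(review): every event triggers a full rescan, and send_email is called
# for each finding on each pass, so a burst of events repeats the same
# alerts. file_package also unpacks into a tmp directory inside the watched
# tree, which raises further events; confirm this does not keep the loop busy.
# Globals:   INIT_PATH, FILE_TMPD, FILE_LIST, FILE_LISTD
#######################################
file_view() {
  local m=0
  local files

  /usr/bin/inotifywait -mrq --timefmt '%d/%m/%y %H:%M' --format '%T %w%f%e' \
    -e create,modify,attrib,move "$INIT_PATH" | while IFS= read -r files; do
    m=$((m + 1))
    echo "file has been change....$m..."

    # Start each pass from empty lists. read_dir only appends, so without
    # this the lists keep entries for files that no longer exist and grow
    # with every event.
    : > "$FILE_TMPD"
    : > "$FILE_LIST"

    # Keep the event stream away from the helpers' stdin.
    read_dir "$INIT_PATH" < /dev/null
    file -f "$FILE_TMPD" > "$FILE_LISTD"
    send_info < /dev/null
  done
}

file_view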

