Home    posts    security shell script

Posted on: October 6, 2017Updated: November 24, 2017

How to make a shell script to check for file changes

Anyone concerned with security of their sites might find this useful. We will discuss how to make a script that will be run by cron periodically and send an email, if any file changes have been observed in the specific folders. This is a good way to monitor files and activity on your server.

So, to get started, the first part will contain information about the script and in the second part, we will look at how to set up the script on a Linux/Unix server.

PART 1 - Create the script

First thing we need to do is to create execution variables, basically shell commands saved to variables. Then just check if either produces any results and, if so, send these results to a defined email address.


# Check for any content modification in any of the files in the root folder of project 1 for the past hour
var1=$(find /home/username/www/public_html/project1 -mmin -60 -type f)

# Check for any metadata changes in any of the files in the root folder of project 1 for the past hour
var2=$(find /home/username/www/public_html/project1 -cmin -60 -type f)

# Specify the email address
to[email protected]

# If var1 or var2 produce any result, then execute below
if [[ $var1  ||  $var2 ]]; then

	# Create empty variable, loop through the $var1 variable and execute the stat coomand for each line in the output
	# Then append the result to above, outside the loop, empty variable
	Mall=''
	for x in $var1; do
		newm=$(stat -L $x)
		Mall+=$newm"\n\n"
	done

	# Repeat for the process for $var2 and append to a different newly created variable
	Call=''
	for x in $var2; do
		newc=$(stat -L $x)
		Call+=$newc"\n\n"
	done

	# If both $var1 and $var2 variables produce result send an email with all the details
	if [[ $var1 && $var2 ]]; then
		echo -e "Files content modified:\n$var1\n\n$Mall\nFiles metadata changed:\n$var2\n\n$Call" | mail -s "Changes and modifications made in Project 1 folder" "$to"

	# if only $var1 produces output then send the details of only this variable
	elif [[ $var1 ]]; then
		echo -e "Files content modified:\n$var1\n\n$Mall" | mail -s "Modifications made in Project 1 folder" "$to"

	# else send the details of $var2 variable
	else 
		echo -e "Files metadata changed:\n$var2\n\n$Call"| mail -s "Changes made in Project 1 folder" "$to"
	fi	
fi

Note that stat -L command will generate detailed output and since most of times both content and metadata are changed in a file, this might print out a lot of duplicated output by the mentioned command. So optionally, you may replace the stat -L command with a simple ls -l to get the time of the last change along with file permissions. Depends how many changes you expect, the latter produces significantly less output. The script can be downloaded here.

PART 2 - Configure cron to run the script

First you'll need to copy the script to the remote server. Make sure to avoid putting it in the root folder of the project because bots or people scanning your website might be able to read the file and learn of this booby trap. Instead, you should save it outside any of your projects. Then make the script executable(chmod +x /path/to/script). At this point, you'll want to test the script so make a change in the targeted folder, such as copying a file to it, and then execute:


bash /path/to/script

If it doesn't work, double check the code again(could be a wrong email or wrong path). If it persists, then perhaps you need to convert the line endings to Unix like environment. To do that, execute:


dos2unix /path/to/script

Try the script again. It should work by now. Next step is to configure cron to run the script every hour since the script is set to check for changes in the past hour. So enter cron with the following command:


crontab -e

At the bottom, add the line that will run the script every hour at the beginning of the hour indefintely:


0 * * * * /path/to/script

Save and exit cron. That's it, your security camera is now up and running. Of course, if you are really paranoid, you could set the script to check for changes in the last 60 seconds and then set cron to run the script every minute. In such case here is a wiki guideline. Another thing to note is that the script will notify you even if the changes were made by you. Always keep that in mind.


Comments:

Be the first to comment.

Add a comment:










I have read and agree with the Privacy terms and conditions.