The following bash scripts are really useful.
modifiedFiles
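#!/bin/sh
# Prints a list of files modified after the file 'referenceFile' was touched.
#
# Instructions:
# Suppose you want the reference file to be called 'start'. Just run the
# command: "touch start" from the root of your home directory. This will
# create the file 'start'. Set referenceFile below to its full path, then add
# any directories you want to watch to the searchDirs list.
#
# Now go and do your file editing etc ....
# At the end of the day just run this script from the root of your home directory.
#
# Requires GNU ls (the --full-time option is used to show the reference time).
#
# Note: find's -newer test compares modification times, which the owner of a
# file can reset. Treat the output as a convenience listing of your own edits,
# not as evidence that nothing else was changed.
#
# Author: Michael Lake, 2003

referenceFile="/home/mike/start"
# Space-separated list, relative to the home directory. Names containing
# whitespace are not supported because the list is split on whitespace below.
searchDirs="bin latex public_html"

# Quoted so that a home directory containing spaces does not break the test.
if [ "$PWD" != "$HOME" ]; then
  echo "You must be in the root of your home directory to run this script!"
  exit 1
fi

# Without the reference file every find call below would fail, so stop early
# with one clear message instead.
if [ ! -f "$referenceFile" ]; then
  echo "Reference file '$referenceFile' does not exist; create it with touch first." >&2
  exit 1
fi

echo
echo "Searching directories RECURSIVELY for files modified since: "
# Show the date, time and zone of the same file that find compares against
# (the original printed ~/start here, which could differ from referenceFile).
ls -l --full-time -- "$referenceFile" | awk '{ print $6, $7, $8 }'
printf '%s <-- todays date\n' "$(date | awk '{ print $1, $2, $3 }')"

printf 'Searching: '
for dir in $searchDirs; do
  printf '%s ' "$dir"
done
echo
echo

# Find files that have a more recent last modification time than the file
# $referenceFile, ignoring the file types listed below. The patterns are
# matched against the file name only, so '*.ps' no longer hides 'notes.psd'
# and '*.log' no longer hides 'my.login.sh', which the previous unanchored
# sed filters did.
for dir in $searchDirs; do
  find "$dir" -type f -newer "$referenceFile" \
    ! -name '.DS_Store' \
    ! -name '*.aux' \
    ! -name '*.ilg' \
    ! -name '*.idx' \
    ! -name '*.ind' \
    ! -name '*.lof' \
    ! -name '*.loo' \
    ! -name '*.lot' \
    ! -name '*.dvi' \
    ! -name '*.pdf' \
    ! -name '*.ps' \
    ! -name '*.log' \
    ! -name '*.toc' \
    ! -name '*.fig' \
    ! -name '*.eps' \
    ! -name '*.tif' \
    -print
done

echo
echo 'hint, to ignore a string do this: | grep -v '
echo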
run-aide
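#!/bin/bash
# This script simplifies running the 'Advanced Intrusion Detection Environment'
# on remote servers. The aide binary, conf file and database are not kept on
# the remote machine but copied over by this script in Step 1.
# Step 2 runs the aide check via ssh and copies the report back to the local machine.
# Step 3 runs an aide update via ssh and copies the new aide database back.
# Step 4 removes the aide files from the remote machine as a security measure.
#
# Procedure
# ---------
# Basically run the steps in the order 1, 2, 3, 4.
# Read the report to check that there have been no intrusions.
#
# Things to keep in mind
# ----------------------
# - Between Step 1 and Step 4 the binary, conf file and database sit in a
#   directory on the machine being checked, and the binary is run there via
#   sudo. Anything able to write to that directory in the meantime can change
#   what runs as root or what the check compares against, so keep the
#   directory private to the account and do not leave the files there.
# - The report and aide.db.new are produced on the remote machine and are only
#   as trustworthy as that machine. Read the report before replacing the local
#   aide.db with aide.db.new.
# - NOTE(review): no tty is requested from ssh, so this presumably relies on
#   sudo running the aide command without a password prompt -- confirm.
#
# Change the next few lines to suit.
remote_user='mike'
remote_machine='www.myserver.com.au'
remote_aide_directory='/home/myname/aide_files' # No trailing slash !

# The directory is interpolated into commands parsed by the remote shell
# (including an rm -f), so refuse anything that is empty, relative, or
# contains whitespace or shell metacharacters.
readonly safe_path_re='^/[A-Za-z0-9_./-]+$'
if [[ ! $remote_aide_directory =~ $safe_path_re ]]; then
  echo "remote_aide_directory must be an absolute path made of letters, digits, '_', '.', '/' and '-'" >&2
  exit 1
fi

# Single place that defines the login, so every scp/ssh call uses the same
# account and the same directory (the scp calls used to hard-code a path that
# differed from remote_aide_directory).
readonly remote="${remote_user}@${remote_machine}"

# Step 1: create the remote directory if needed (private to the account when
# newly created) and copy the binary, conf file and database into it.
# Returns non-zero as soon as one transfer fails.
copy_files_to_remote() {
  local f
  echo "Copying aide binary, conf & db files to ${remote}:..."
  ssh "$remote" "umask 077 && mkdir -p -- $remote_aide_directory" || return
  for f in aide aide.conf aide.db; do
    scp "./$f" "${remote}:${remote_aide_directory}/$f" || return
  done
}

# Runs the copied aide binary on the remote machine through sudo.
# Arguments: $1 - aide mode without the leading dashes (check or update).
# A non-zero status is reported rather than treated as fatal: it may come from
# aide itself (check the aide documentation for its exit codes) or from
# ssh/sudo failing, and the caller still tries to fetch the output.
run_remote_aide() {
  local mode=$1
  local rc=0
  ssh "$remote" "sudo $remote_aide_directory/aide -c $remote_aide_directory/aide.conf --$mode" || rc=$?
  if ((rc != 0)); then
    echo "aide --$mode finished with exit status $rc; check the output above." >&2
  fi
  return 0
}

# Copies one file from the remote aide directory into the current directory.
# Arguments: $1 - file name inside the remote aide directory.
fetch_from_remote() {
  local name=$1
  scp "${remote}:${remote_aide_directory}/$name" "$name" ||
    echo "Could not copy '$name' back from ${remote}." >&2
}

# Step 4: remove everything this script placed or generated on the remote
# machine, in a single ssh session.
delete_remote_files() {
  local d=$remote_aide_directory
  echo "Deleting aide files from remote machine ..."
  ssh "$remote" "rm -f -- $d/aide $d/aide.conf $d/aide.db $d/aide.db.new $d/report" ||
    echo "Remote cleanup failed; aide files may still be on ${remote}." >&2
}

echo
echo ' *********************************************'
echo ' * Advanced Intrusion Detection Environment *'
echo ' * *'
echo ' * Proceed through steps 1 to 4 *'
echo ' * *'
echo ' * Select an option for AIDE *'
echo ' * *'
echo ' * "Q" or "q" to quit *'
echo ' *********************************************'
echo

# The normal shell variable contains "#? ", replace this.
PS3='Choice: '
menu_items=(
  Copy_files_to_remote_machine
  Run_aide_check
  Run_aide_update
  Delete_files_from_remote_machine
)

# Dispatch on the raw reply so that "q"/"Q" work as well as the numbers.
# A case statement copes with empty or multi-word replies, which made the
# previous unquoted [ $REPLY = ... ] tests print errors.
select _item in "${menu_items[@]}"; do
  case "$REPLY" in
    1)
      # Copy files TO remote machine
      copy_files_to_remote ||
        echo "Copy failed; do not run the check until all three files are in place." >&2
      ;;
    2)
      # Run aide check on remote machine and copy report back to here.
      echo "Running aide check on remote machine ..."
      run_remote_aide check
      echo "Copying aide report back to local machine ... "
      fetch_from_remote report
      ;;
    3)
      # Run aide update on remote machine.
      echo "Updating aide database on remote machine ... "
      run_remote_aide update
      echo "Copying new aide database to local machine ... "
      fetch_from_remote aide.db.new
      ;;
    4)
      # Delete aide files from remote machine
      delete_remote_files
      ;;
    q | Q)
      exit 0
      ;;
    *)
      echo "Invalid selection try again..."
      ;;
  esac
done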