script 说明:
该脚本可以对指定的系统重要文件进行监控,当文件被查看或修改后,脚本会查看最近登录系统的用户和IP,并发邮件通知。注意:脚本是通过比较文件的 SHA-256 摘要来发现变化的,因此只能检测到内容被修改,仅仅查看文件并不会触发告警;另外,下面的代码只把结果打印到终端,Send_mail 虽已定义但没有被调用。
#!/usr/bin/perl
use strict;
use warnings;
use Mail::Sender;
use Digest::SHA;
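# Files whose content is watched for modification.
my @files = ('/etc/passwd', '/etc/shadow', '/var/log/wtmp');

# Main monitor loop.
#
# Each pass of the outer loop records a fresh baseline digest for every
# watched file, then polls every 10 seconds until at least one digest differs.
# When that happens the changed files and the two most recent login records
# are printed, and the outer loop starts over with a new baseline.
#
# Limits a defender should keep in mind:
#   * Only content changes are visible; reading a file does not alter its
#     digest.
#   * The baseline lives only in this process's memory, so a restart
#     silently accepts whatever is on disk at that moment.
#   * A change that is reverted between two polls (10 s apart) is not seen.
#   * Alerts go to STDOUT only; Send_mail() is defined in this file but is
#     not called from here.
while (1) {
    my %baseline_of = map { $_ => MD5_digest($_) } @files;

    while (1) {
        sleep 10;

        # Compare in @files order so the report is deterministic.
        my @changed = grep { $baseline_of{$_} ne MD5_digest($_) } @files;
        next unless @changed;

        print "$_ is changed\n" for @changed;

        # Query the login history at detection time. The original captured
        # it once at start-up, so every later alert showed stale logins.
        # `last` is resolved through PATH; the command string is constant,
        # so nothing external is interpolated into the shell.
        my $recent_logins = `last -2`;
        print defined $recent_logins
            ? $recent_logins
            : "(could not run last)\n";

        last;    # leave the poll loop and take a new baseline
    }
}
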
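# MD5_digest($file)
#
# Returns the hex-encoded SHA-256 digest of the file's content. Despite the
# name, no MD5 is involved: the digest object is created with algorithm '256'.
#
# If the file cannot be hashed (missing, unreadable, ...) the string
# 'UNREADABLE' is returned and a warning is written to STDERR instead of
# letting the exception kill the monitor. The sentinel can never equal a
# 64-character hex digest, so a watched file that disappears or becomes
# unreadable after the baseline was taken is reported as changed.
sub MD5_digest {
    my $file = shift;

    my $digest = eval {
        my $sha = Digest::SHA->new('256');
        $sha->addfile($file);
        $sha->hexdigest;
    };

    if (!defined $digest) {
        warn "cannot hash $file: $@";
        return 'UNREADABLE';
    }

    return "$digest";
}
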
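# Send_mail($subject, $msg)
#
# Sends one plain-text message through the SMTP relay configured below and
# prints "Mail sent ok" on success. Dies with $Mail::Sender::Error when the
# sender object cannot be created or the message cannot be sent.
#
# NOTE(review): the SMTP account name and password are hard-coded in the
# script, so anyone who can read this file can read them. Load them from a
# root-only configuration file or a secret store instead, and use a dedicated
# low-privilege mailbox for alerts.
# NOTE(review): AUTH LOGIN only base64-encodes the password and no TLS is
# requested here, so unless the transport is protected some other way the
# credentials and the alert text cross the network in clear text.
sub Send_mail {
    my ($subject, $msg) = @_;

    # Direct method-call syntax replaces the ambiguous indirect form
    # "new Mail::Sender->MailMsg(...)".
    my $sender = Mail::Sender->new({
        smtp    => 'mail.aaa.com',
        from    => 'neo@aaa.com',
        auth    => 'LOGIN',
        authid  => 'neo',
        authpwd => '1234',
    });

    # By default Mail::Sender reports failure with a negative numeric code,
    # which is a true value, so a plain "or die" would never fire. Test for
    # a reference instead.
    ref $sender or die "$Mail::Sender::Error\n";

    my $sent = $sender->MailMsg({
        to      => 'neo@gmail.com',
        subject => $subject,
        msg     => $msg,
    });
    ref $sent or die "$Mail::Sender::Error\n";

    print "Mail sent ok";
}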