script 說明:
該腳本可以對指定的系統重要文件進行監控,當文件被查看或修改後,腳本會查看最近登陸系統的用戶和IP,併發郵件通知。
- #!/usr/bin/perl
- use strict;
- use Mail::Sender;
- use Digest::SHA;
- my @files=('/etc/passwd', '/etc/shadow', '/var/log/wtmp');
- my $last_cmd=`last -2`;
- while (1) {
- my %md5_res;
- my %output;
- my @change;
- foreach my $file (@files) {
- $md5_res{$file}=MD5_digest($file);
- };
- while(1) {
- sleep 10;
- foreach my $file (@files) {
- if ($md5_res{$file} ne MD5_digest($file)) {
- $output{$file}="$file is changed";
- };
- };
- if (%output) {
- foreach my $key (%output) {
- print "$output{$key}\n";
- }
- print "$last_cmd";
- last;
- };
- };
- };
- sub MD5_digest {
- my $file=shift;
- my $sha=Digest::SHA->new('256');
- $sha->addfile($file);
- my $digest=$sha->hexdigest;
- return "$digest";
- }
- sub Send_mail {
- my($subject,$msg)=@_;
- my $sender=new Mail::Sender->MailMsg({
- smtp => 'mail.aaa.com',
- from => '[email protected]',
- to =>'[email protected]',
- subject => $subject,
- msg => $msg,
- auth => 'LOGIN',
- authid => 'neo',
- authpwd => '1234',}
- ) or die "$Mail::Sender::Error\n";
- print "Mail sent ok";
- }