The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Need help with quick Grep Script

Discussion in 'General Discussion' started by noimad1, Feb 13, 2008.

  1. noimad1

    noimad1 Well-Known Member

    Joined:
    Mar 27, 2003
    Messages:
    627
    Likes Received:
    0
    Trophy Points:
    16
    Hi,

    I'd like to write a quick cron job script that could search through my logs for a specific string, then e-mail me if it is found.

    Something like:

    grep "hacker.txt" /var/log/messages

    Then if it finds something, e-mail me?

    Can someone help me write that really quick? I'm pretty sure it is an easy script, I just can't figure out the proper coding.
     
  2. mohit

    mohit Well-Known Member

    Joined:
    Jul 12, 2005
    Messages:
    553
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Sticky On Internet
    grep is not the best method to do this, until you have something custom in mind.

    if you want this for the suspicious file, csf does that, it will not only secure your server and mail you as soon as any suspect process/script is found.
     
  3. noimad1

    noimad1 Well-Known Member

    Joined:
    Mar 27, 2003
    Messages:
    627
    Likes Received:
    0
    Trophy Points:
    16
    Thanks, but what is CSF?

    Mainly right now I need a bandaid fix for a problem we are having with customers who's passwords have been compromised.

    The hackers are using automated scripts to upload spamming scripts through ftp, then spam, then remove the scripts. They always use the same filenames at this point.

    So as a quick fix I want to just be notified if anyone uploads files with matching names. That way I can stop it right away.
     
  4. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,475
    Likes Received:
    202
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
  5. noimad1

    noimad1 Well-Known Member

    Joined:
    Mar 27, 2003
    Messages:
    627
    Likes Received:
    0
    Trophy Points:
    16


    Ah, that is nice. I'm disabling apf and trying this out on my servers. We'll see if it catches these recent problems.
     
Loading...

Share This Page