Real-time monitoring of changes in a file directory

This tutorial explains how to monitor a specific directory on a Linux/UNIX system for any change and report it promptly. Integrit works by comparing snapshots of the tree, so "real-time" here means "as often as the check is scheduled", typically every few minutes from cron; an event-driven alternative (inotify-tools) is listed below.

System environment:

• CentOS/RedHat
• Integrit

Other solutions:

Another solution is inotify-tools, which can watch a specific directory for file changes (supported on Linux 2.6.13 and later). The linked examples watch a directory and, as soon as a file or subdirectory changes, immediately call an rsync backup script.

How to use inotify-tools to trigger scripts on filesystem events

Using inotify from PHP to implement array processing
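
The linked articles describe the inotify-tools approach; what follows is an added example, not code from this page or from those articles, showing the shape such a watcher takes. It reads the events that inotifywait prints, ignores editor scratch files so a single save does not fire several backups, and mirrors the tree with rsync for the events that matter. Assumed: inotifywait and rsync are installed, WATCH_DIR and BACKUP_DEST are placeholders, and the list of ignored name patterns is a starting point for your own.

```shell
#!/bin/sh
# Added example, not code from the original page or the linked articles:
# an event-driven watcher on top of inotify-tools that mirrors the tree
# with rsync when something changes. Assumed: inotifywait and rsync are
# installed; WATCH_DIR and BACKUP_DEST are placeholders.
WATCH_DIR=${WATCH_DIR:-/mnt/your/directory/path}
BACKUP_DEST=${BACKUP_DEST:-/backup/directory/path}

# Decide what to do with one inotifywait event. Arguments are the three
# fields produced by --format '%w|%e|%f': the watched directory (not
# needed for the decision), the comma-separated event names, and the file
# name. Prints "sync" or "ignore". Editor scratch files are ignored so a
# save in vim or emacs (which write .swp / .#lock files first) does not
# trigger several backups; a bare OPEN or ACCESS never triggers one.
classify_event() {
    events=$2; name=$3
    case "$name" in
        *.swp|*.swx|*~|.#*) echo ignore; return 0 ;;
    esac
    case ",$events," in
        *,CLOSE_WRITE,*|*,CREATE,*|*,DELETE,*|*,MOVED_TO,*|*,MOVED_FROM,*|*,ATTRIB,*)
            echo sync ;;
        *)  echo ignore ;;
    esac
}

# The action: mirror the tree (archive mode keeps permissions and times,
# --delete propagates removals). Swap in the site's own backup script.
sync_backup() {
    rsync -a --delete "$WATCH_DIR/" "$BACKUP_DEST/"
}

# Event loop. -m keeps inotifywait running instead of exiting after the
# first event, -r watches the whole tree, -e limits the events reported.
watch_tree() {
    inotifywait -m -r -e close_write,create,delete,moved_to,moved_from,attrib \
        --format '%w|%e|%f' "$WATCH_DIR" |
    while IFS='|' read -r dir events name; do
        if [ "$(classify_event "$dir" "$events" "$name")" = sync ]; then
            printf '%s %s%s: syncing\n' "$events" "$dir" "$name"
            sync_backup
        fi
    done
}

# Start the loop only when invoked as "sh watch_dir.sh watch", so the
# functions above can also be sourced and tested on their own.
case "${1:-}" in watch) watch_tree ;; esac
```

Run it as `sh watch_dir.sh watch` under a supervisor that restarts it. Two limits matter in practice: the kernel drops events when its inotify queue fills (fs.inotify.max_queued_events), and a burst of changes triggers one rsync per event, so this complements rather than replaces a scheduled Integrit check.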

     

Installing Integrit

Download the source archive
http://sourceforge.net/projects/inte...ar.gz/download

Build and install

tar xzf integrit-4.1.tar.gz
cd integrit-4.1
./configure --prefix=/opt/integrit
make
make install

Create the configuration file /etc/integrit.conf

known=/root/known.cdb
current=/root/current.cdb
root=/mnt/your/directory/path


Tips:

known     the baseline (known-state) database
current   the current-state database
root      the directory to monitor

Keep both databases outside the monitored tree and readable only by root, as the paths above do: a baseline that an intruder inside root= can rewrite proves nothing.

If this is the first time the directory is monitored, build the baseline database first:

/opt/integrit/sbin/integrit -u -C /etc/integrit.conf -N /root/known.cdb

Check the state of the directory

/opt/integrit/sbin/integrit -u -c -C /etc/integrit.conf

Tips:

-u  update: take a snapshot of the tree into the current database
-c  check: compare the snapshot with the known database and report new, missing and changed files
-C  path of the configuration file
-N  path of the database the snapshot is written to (used above to seed known.cdb directly)

The monitoring Perl script

Features:

1. Files added to, removed from or changed in the directory (including permission changes) are all detected.
2. Mail notification uses the system mail command; no extra Perl module is needed.

Contents:

#!/usr/bin/perl
# Author: alang by 2011-03-07
# Usage: ./mon_dir_diff.pl
#
# Notes: To change the path of the directory which you like to monitor,
#        have to edit /etc/integrit.conf.
#
#        To rebuild known.cdb, run this command
#        /opt/integrit/sbin/integrit -u -C /etc/integrit.conf -N /root/known.cdb
#
use strict;
use warnings;

my $INTEGRIT_CMD   = "/opt/integrit/sbin/integrit";
my $INTEGRIT_CONF  = "/etc/integrit.conf";
my $INTEGRIT_KNOWN = "/root/known.cdb";
# Recipients, whitespace-separated. The addresses were obfuscated when the
# page was extracted; put the real ones here.
my $TO   = '[email protected] [email protected]';
my $SUBJ = 'Notification: ';

my $CHECK_CMD = "$INTEGRIT_CMD -u -c -C $INTEGRIT_CONF";
my $RESET_CMD = "$INTEGRIT_CMD -u -C $INTEGRIT_CONF -N $INTEGRIT_KNOWN";

# Update the current db, compare it with the known db and keep the report.
my $RESULT = `$CHECK_CMD`;

# sendEmail ($to, $subject, $body): uses the system mail(1) command, so no
# Perl module is needed. The list form of open() passes the subject and the
# recipients as separate arguments; nothing goes through the shell.
sub sendEmail
{
  my ($mail_to, $mail_s, $mail_b) = @_;
  my $mail_cmd   = "/bin/mail";
  my @recipients = split(/\s+/, $mail_to);
  open(my $mail, '|-', $mail_cmd, '-s', $mail_s, @recipients)
    or die "cannot run $mail_cmd: $!";
  print $mail $mail_b;
  close($mail) or warn "$mail_cmd exited with status " . ($? >> 8) . "\n";
}

my $COUNT_REMOVED = 0;
my $COUNT_ADDED   = 0;
my $COUNT_CHANGED = 0;
# integrit prints one line per finding, prefixed with missing:, new: or
# changed:; its own status lines start with "integrit:" and are skipped.
my @token = split(/\n/, $RESULT);
foreach (@token)
{
  if ($_ =~ /^missing:/)       # some files were removed
  {
    $COUNT_REMOVED++;
  }
  elsif ($_ =~ /^new:/)        # some files were added
  {
    $COUNT_ADDED++;
  }
  elsif ($_ =~ /^changed:/)    # some files were changed (content, permissions, owner, ...)
  {
    $COUNT_CHANGED++;
  }
}#foreach

if ($COUNT_REMOVED != 0 || $COUNT_ADDED != 0 || $COUNT_CHANGED != 0) {
  # Reset the status: the current tree becomes the new known baseline, so
  # every change is reported exactly once. Note that this also means a
  # change you did not approve is accepted after this single mail.
  system($RESET_CMD) == 0 or warn "reset failed: $?\n";
  my $REPORT = <<EOF;
**********[ PLEASE DON'T REPLY TO THIS EMAIL ]**********

[Summary Report]
- The rows of the removed files: $COUNT_REMOVED
- The rows of the new files:     $COUNT_ADDED
- The rows of the changed files: $COUNT_CHANGED

[Detailed information]
EOF
  $SUBJ   = $SUBJ . "detected the removed($COUNT_REMOVED),added($COUNT_ADDED),changed($COUNT_CHANGED) files";
  $REPORT = $REPORT . $RESULT;
  print $REPORT;
  sendEmail($TO, $SUBJ, $REPORT);
}
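
The install/configure/baseline/check procedure above and the Perl script are the page's own. The block below is an added example, not code from the page, that wraps the same Integrit workflow in a POSIX shell script meant to be run from cron, with two differences a practitioner would want: the generated configuration carries an ignore rule (an integrit "!path" line) so expected churn does not page anyone, and the known database is never rewritten automatically, only by an explicit baseline run after the reported changes have been reviewed. Assumed: the binary, configuration and database paths used on this page, a tmp subdirectory under the monitored tree to ignore, the recipient in MAIL_TO, and SAMPLE_REPORT, which is a constructed imitation of integrit's human-readable output rather than output from a real system.

```shell
#!/bin/sh
# Added example, not code from the original page: the Integrit workflow
# (write the config, take a baseline, run a check, summarise the report,
# mail it) as a POSIX shell wrapper for cron. Assumed placeholders: the
# paths below, the recipient in MAIL_TO and the SAMPLE_REPORT at the end.
INTEGRIT=${INTEGRIT:-/opt/integrit/sbin/integrit}
CONF=${CONF:-/etc/integrit.conf}
KNOWN=${KNOWN:-/root/known.cdb}
CURRENT=${CURRENT:-/root/current.cdb}
ROOT=${ROOT:-/mnt/your/directory/path}
MAIL_TO=${MAIL_TO:-root}

# Write an integrit.conf for the tree under $ROOT. A line starting with "!"
# is an integrit ignore rule; scratch space that changes all the time would
# otherwise produce an alert on every run. The tmp subdirectory is assumed.
write_conf() {
    out=$1
    cat >"$out" <<EOF
known=$KNOWN
current=$CURRENT
root=$ROOT
!$ROOT/tmp
EOF
}

# First run only: write a fresh snapshot straight into the known database.
baseline() {
    "$INTEGRIT" -u -C "$CONF" -N "$KNOWN"
}

# Routine run: update the current database and compare it with the known
# one. stderr is merged so integrit's status lines end up in the report too.
check() {
    "$INTEGRIT" -u -c -C "$CONF" 2>&1
}

# Summarise a report read from stdin as "removed added changed". integrit
# prefixes each finding with missing:/new:/changed:; its "integrit: ..."
# status lines do not match and are skipped.
count_changes() {
    awk '
        /^missing: / { r++ }
        /^new: /     { a++ }
        /^changed: / { c++ }
        END { printf "%d %d %d\n", r+0, a+0, c+0 }
    '
}

# Exit status 0 when any counter is non-zero, 1 when the tree is unchanged.
needs_alert() {
    [ "$1" -ne 0 ] || [ "$2" -ne 0 ] || [ "$3" -ne 0 ]
}

# Mail the full report when something changed. The known database is NOT
# rewritten here: re-baselining automatically (as the page's Perl script
# does) makes an intruder's modification the accepted state after one mail.
# Run baseline() by hand once the reported changes have been reviewed.
report_and_notify() {
    report=$1
    set -- $(printf '%s\n' "$report" | count_changes)
    needs_alert "$1" "$2" "$3" || return 1
    subject="Notification: detected removed($1), added($2), changed($3) files"
    if command -v mail >/dev/null 2>&1; then
        printf '%s\n' "$report" | mail -s "$subject" "$MAIL_TO" ||
            printf 'warning: mail failed\n' >&2
    else
        printf '%s\n%s\n' "$subject" "$report"   # no MTA: print instead
    fi
}

# Constructed sample of integrit's human-readable output (not output from a
# real monitored system), used to exercise the summary without integrit.
SAMPLE_REPORT='integrit: ---- integrit, version 4.1 -----------------
integrit: checking from /mnt/your/directory/path
new: /mnt/your/directory/path/dropped.php   p(644) u(0) g(0) z(1024)
changed: /mnt/your/directory/path/index.html   z(2048:2101) m(20110307-10:01:02:20110308-09:12:55)
missing: /mnt/your/directory/path/.htaccess
new: /mnt/your/directory/path/uploads/x.sh   p(755) u(48) g(48) z(300)'

case "${1:-}" in
    baseline) baseline ;;
    check)    report_and_notify "$(check)" ;;
    sample)   report_and_notify "$SAMPLE_REPORT" ;;
esac
```

Run `sh integrit_check.sh baseline` once, then schedule `sh integrit_check.sh check` from cron; `sh integrit_check.sh sample` exercises the summary and mail path on the constructed report without integrit installed. Because the baseline is only replaced on purpose, a change keeps being reported on every run until someone looks at it, which is the behaviour you want from an integrity checker.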
Attachment: integrit-4.1.tar.gz (Integrit 4.1, 265.26 KB, uploaded 17:36, 8 Mar 2011 by alang)