LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 06-21-2018, 02:10 PM   #1
skagnola
LQ Newbie
 
Registered: May 2017
Distribution: CentOS
Posts: 26

Rep: Reputation: Disabled
Looking if it is possible to send an email when a file is read


Hello!

This may be an odd request, but I am looking for anyone who has experience with, or may know of a way to do this. On CnetOS 6/7.

When a particular file is read by anyone: root or other users on a system, an email will be sent to a designated recipient.

The read action can be something like ...

Code:
cat /etc/fstab
... an email will be generated and sent to some recipient. The email can simply be something...

Code:
mail -s "/etc/fstab has been opened" -r "root@domain.com" "recipient@domain.com"

I have been looking around here and there, Googling and whatnot, but it is proving fruitless. Likely due to my ignorance of what this requires to make it happen. Any help is appreciated.
 
Old 06-21-2018, 05:29 PM   #2
skagnola
LQ Newbie
 
Registered: May 2017
Distribution: CentOS
Posts: 26

Original Poster
Rep: Reputation: Disabled
I think what I am looking for is probably some mix of auditctl, then reporting on that with a cronjob emailing output of aureport.
 
Old 06-21-2018, 05:41 PM   #3
michaelk
Moderator
 
Registered: Aug 2002
Posts: 17,705

Rep: Reputation: 2379Reputation: 2379Reputation: 2379Reputation: 2379Reputation: 2379Reputation: 2379Reputation: 2379Reputation: 2379Reputation: 2379Reputation: 2379Reputation: 2379
inotifywatch maybe adequate for your needs.

https://en.wikipedia.org/wiki/Inotify
 
1 members found this post helpful.
Old 06-22-2018, 09:09 AM   #4
TenTenths
Senior Member
 
Registered: Aug 2011
Location: Dublin
Distribution: Centos 5 / 6 / 7
Posts: 2,753

Rep: Reputation: 1061Reputation: 1061Reputation: 1061Reputation: 1061Reputation: 1061Reputation: 1061Reputation: 1061Reputation: 1061
Quote:
Originally Posted by michaelk View Post
inotifywatch maybe adequate for your needs.

https://en.wikipedia.org/wiki/Inotify
I have that set for certain folders, using incrontab with IN_MODIFY calling a bash script to send a mail. I'm sure IN_OPEN would be the flag to use to see if it's been read.
 
1 members found this post helpful.
Old 06-22-2018, 11:13 AM   #5
skagnola
LQ Newbie
 
Registered: May 2017
Distribution: CentOS
Posts: 26

Original Poster
Rep: Reputation: Disabled
This is very helpful info! I will definitely give inotify a look.

I ended up doing this as a quick / dirty way to get something up and running.


Created a auditctl job for any admins interacting with files in a certain dir ( pulled from an example in the man page of auditctl )

Code:
-a always,exit -S all -F dir=/some/dir/ -F uid=0 -C auid!=obj_uid
Made a small script to report on the audit job

Code:
!#/bin/bash

aureport -f -i | grep /some/dir/ | mail -s "Audit Report" -r "root@vm.com" "recipient@domain.com"
Set a cronjob to run the report a couple times a day

Code:
0 9,16 * * * /dir/aud.sh
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
send mail to all email-id's in a file using ssmtp aavika Linux - Newbie 3 12-10-2014 07:23 AM
Read a file, and send an email to the users inside the file karthikbhuvanagiri Programming 7 03-19-2013 07:01 PM
SuSE 9.2 Pro: can read but not send email longtex SUSE / openSUSE 8 07-23-2005 05:21 PM
Pine won't send email, can't read inbox, I'm a new Fedora user SharpyWarpy Fedora 1 06-29-2005 08:43 AM
How to send email to a file for parsing archaegeo Linux - Newbie 1 10-31-2004 04:17 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 11:01 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration