Distribution: Linux(Redhat,fedora,suse,ubantu), Solaris (s8/s9/s10/nevada/open-solaris)
Posts: 303
Rep:
shell/perl Script for file record
Hi,
I want to write a cron job for a script which should list out
1. new files added, owner of this file, date.
2. if some file deleted, by whom and date.
How can I write this script?
Any idea would help me a lot.
I don't know if it's possible to figure out who deleted what file just from shell script, but maybe this program "iwatch" can help (I've never used it):
Distribution: Linux(Redhat,fedora,suse,ubantu), Solaris (s8/s9/s10/nevada/open-solaris)
Posts: 303
Original Poster
Rep:
I can think of two possible approaches at this moment:
1. Based on inode table changes:
Is there any command available which will trigger some script for inode-table changes?
2. Based on storage of files in an array:
Info for files in the folder will be stored in an array. And a cron job would check if files in the array are available in the folder. New files would be added to trail of array.
* Now you can sort this list by i-node number and save as a snapshot of the directory
* Every time the script runs, it generates a new snapshot and compares it with the old one:
@ missing old inode: old file/directory deleted
@ same inode: compare timestamp and pathname for change
@ new inode: new file/directory created
* You might want to investigate more timestamps (man 2 stat: st_ctime), adding file type (file or directory) and other attributes for report (man find)
Distribution: Linux(Redhat,fedora,suse,ubantu), Solaris (s8/s9/s10/nevada/open-solaris)
Posts: 303
Original Poster
Rep:
Cron job:
Code:
*/2 * * * * /usr/bin/sh Myscript.sh
Myscript.sh :
Code:
#Script to run once in every 2 mins
#RecFile which store all transaction info
touch RecFile
#PrevList contains old filenames
touch PrevList
#PresList contains present filenames
ls -l| tr -s ' '| cut -d ' ' -f9 >PresList
#Writing files added to Record
#comm -13 prints only the lines unique to the second file
echo "Files Added:\c" >>RecFile
for i in `comm -13 PrevList PresList`
do
echo "$i \c" >>RecFile
done
#Writing files removed to record
#Arguments swapped: lines only in PrevList are the removed files
echo ":Files Removed:\c" >>RecFile
for i in `comm -13 PresList PrevList`
do
echo "$i \c">>RecFile
done
echo ":`date`\n">>RecFile
#Store present filelists to PrevList
mv PresList PrevList
I want to write a cron job for a script which should list out 1. new files added, owner of this file, date. 2. if some file deleted, by whom and date.
Is there a specific reason for doing or needing that? I'm asking because logging this type of auditing information doesn't need re-invention of the wheel. It is already provided for if you run the auditd service on a system with an audit-enabled kernel: just configure system call logging. Then with the accompanying reporting tools you can query the log for any creation / deletions.
Distribution: Linux(Redhat,fedora,suse,ubantu), Solaris (s8/s9/s10/nevada/open-solaris)
Posts: 303
Original Poster
Rep:
I agree with unSpawn's comment.
But I don't see any alternate way except writing a new script.
I am using a Solaris 10 machine and I don't know if this is audit-enabled.
Is there a mechanism to find out the command or user who deleted the file?
Distribution: Solaris 11.4, Oracle Linux, Mint, Debian/WSL
Posts: 9,789
Rep:
There are several ways to do it under Solaris. One would be to use a simple dtrace script which would report in real time every plain file creation and deletion. That one will do the job:
Distribution: Solaris 11.4, Oracle Linux, Mint, Debian/WSL
Posts: 9,789
Rep:
Knowing what files are created and deleted and by whom is sensitive information. The user requiring this information needs to be granted the required privilege. It need not necessarily be root though.