nixCraft

I have tried for quite some time now to work out a shell script on these lines. Actually came across this problem when i was going throught the commonly found abs-guide exercises
http://www.die.net/doc/linux/abs-gui...ngscripts.html


The script is to do the following:
********************************************
Log all accesses to the files in /etc during the course of a single day. This information should include the filename, user name, and access time. If any alterations to the files take place, that should be flagged. Write this data as neatly formatted records in a logfile.
*******************************************

Any help to get going in this direction will be great!

Thanks a lot

Do you really wanna write script for this stuff? You can use automated tool such as tripwire. But let me know if you need script logic. I can provide you simple script logic.

__________________
Rocky Jr.
You may have my body & soul, but you will never touch my pride!

If you have knowledge, let others light their candles at it.

Certified to work on HP-UX / Sun Solaris / RedHat

Thanks rockdalinux for your help.

I could figure out the logic but was getting stuck on how to do it using shell scripting since unlike c programming you cannot get into the internal functions of the kernel to work on fd ( or am i mook on this?)

However i found the command that would help me going in this direction.

Its pretty simple once i got hold of the command and the switch.

In this case to get access of the /etc files and the users who did it, i used the lsof command as shown below:

lsof +D /etc

One can use +d if you do want only listing of the files at the first level only

Now l i can filter the data with awk and sed. :P

But i am thinking if i could write a deamon for the same so that the script runs continously and logs the data to a log file. I am still an novice in writing deamons and wrappers with shell scripts .

Now time to work on it!

Thanks rockdalinux for sharing your thoughts on my problem