[TriLUG] log monitoring (read this: Security ALERT!)
Jeremy P
jeremyp at pobox.com
Wed Feb 20 10:27:02 EST 2002
On Wed, 20 Feb 2002, Jon Carnes wrote:
> Here is a pair of scripts that I run nightly on my main file server. The
> first dumps out the size of each user's home directory and emails me the
> top ten. The second dumps out the size of each departmental volume and
> emails that to me.
>
> === home_du ===
> #!/bin/bash
> # List the size of individual users directories on Plasma
> cd /home/users; du >/tmp/du_users
> echo Top 10 Users of space on Plasma:
> echo " "
> tac /tmp/du_users |cut -f1,2 '-d/' |uniq -f1 |sort -n |tail -11
> echo " "
> # rm /tmp/du_users
[snip other similar scripts]
These scripts are NOT safe to run as root. Assuming /tmp is world
writeable, someone could easily compromise your system by symlinking
/tmp/du_users to some file they want to overwrite (like /etc/shadow,
whatever).
Here's a modification to make this script safe:
# mktemp creates a new, uniquely named file, or fails
TMPFILE=`/bin/mktemp /tmp/du_users.XXXXXX` || exit 1
cd /home/users; du > "$TMPFILE"
echo Top 10 Users of space on Plasma:
echo " "
tac "$TMPFILE" |cut -f1,2 '-d/' |uniq -f1 |sort -n |tail -11
echo " "
rm "$TMPFILE"
Hope this helps,
Jeremy
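
Added example, not part of the original post: a self-contained check of the point made above, run entirely inside a private sandbox directory that stands in for /tmp. The function names, the sandbox layout and the file name important_file are hypothetical, chosen for illustration.

```bash
#!/bin/bash
# Constructed demo: everything happens inside a private sandbox directory,
# which stands in for a world-writable /tmp.

# Write a report to a fixed, predictable name (the pattern in home_du).
unsafe_write() {            # $1 = directory standing in for /tmp
    echo "du output" > "$1/du_users"
}

# Write a report the mktemp way: a new file with an unpredictable name,
# created exclusively, so a pre-planted symlink is never followed.
safe_write() {              # $1 = directory; prints the temp file path
    local tmpfile
    tmpfile=$(mktemp "$1/du_users.XXXXXX") || return 1
    echo "du output" > "$tmpfile"
    echo "$tmpfile"
}

# Plant a symlink at the predictable name, run one writer, and report
# whether the file the symlink points at was changed.
check_writer() {            # $1 = unsafe_write | safe_write
    local sandbox target result
    sandbox=$(mktemp -d) || return 1
    target="$sandbox/important_file"        # stands in for a file root can write
    echo "original contents" > "$target"
    ln -s "$target" "$sandbox/du_users"     # pre-created before the script runs
    "$1" "$sandbox" > /dev/null
    if [ "$(cat "$target")" = "original contents" ]; then
        result="target intact"
    else
        result="target overwritten"
    fi
    rm -rf "$sandbox"
    echo "$result"
}

echo "fixed name: $(check_writer unsafe_write)"
echo "mktemp:     $(check_writer safe_write)"
```

Linux kernels with fs.protected_symlinks=1 refuse to follow another user's symlink in a sticky world-writable directory, which blunts this case, but mktemp remains the fix that works on every system.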