[TriLUG] log monitoring (read this: Security ALERT!)
Jon Carnes
jonc at nc.rr.com
Wed Feb 20 12:15:10 EST 2002
The truth be known, I use /root/tmp for these... but modified the scripts
for general use.
Jon
----- Original Message -----
From: "Jeremy P" <jeremyp at pobox.com>
To: <trilug at trilug.org>
Sent: Wednesday, February 20, 2002 10:27 AM
Subject: Re: [TriLUG] log monitoring (read this: Security ALERT!)
> On Wed, 20 Feb 2002, Jon Carnes wrote:
>
> > Here is a pair of scripts that I run nightly on my main file server.
The
> > first dumps out a the size of each users home directory and emails me
the
> > top ten. The second dumps out the size of each departmental volume and
> > emails that to me.
> >
> > === home_du ===
> > #!/bin/bash
> > # List the size of individual users directories on Plasma
> > cd /home/users; du >/tmp/du_users
> > echo Top 10 Users of space on Plasma:
> > echo " "
> > tac /tmp/du_users |cut -f1,2 '-d/' |uniq -f1 |sort -n |tail -11
> > echo " "
> > # rm /tmp/du_users
>
> [snip other similar scripts]
>
> These scripts are NOT safe to run as root. Assuming /tmp is world
> writeable, someone could easily compromise your system by symlinking
> /tmp/du_users to some file they want to overwrite (like /etc/shadow,
> whatever).
>
> Here's a modification to make this script safe:
>
> TMPFILE=`/bin/mktemp /tmp/du_users.XXXXXX` || exit 1
> cd /home/users; du > $TMPFILE
> echo Top 10 Users of space on Plasma:
> echo " "
> tac $TMPFILE |cut -f1,2 '-d/' |uniq -f1 |sort -n |tail -11
> echo " "
> rm $TMPFILE
>
>
> Hope this helps,
> Jeremy
>
> _______________________________________________
> TriLUG mailing list
> http://www.trilug.org/mailman/listinfo/trilug
More information about the TriLUG
mailing list