[TriLUG] neat zsh command
Greg Brown
gregbrown at mindspring.com
Wed Aug 14 22:07:22 EDT 2002
Hey everyone. I found this interesting command in a recent Linux Journal
article. It's a zch command that I run via a cron job once a day. The
output of the command lists any executable file that has changed in the last
24 hours. I write the output to a file then e-mail that to myself daily.
This way, if someone does manage to hack my system and install a trojan horse
- or a trojan horse is installed via a hacked rpm or something - I'll see
which files changed. I suppose it would be a good idea to write these files
to a mySQL database so I can watch which files change over time but I'll get
around to that at a later date.
Here is the command that outputs the executable that have changed:
#!/bin/zch
print -l /**/*(*.m-1)
Cheers,
Greg
More information about the TriLUG
mailing list