[TriLUG] neat zsh command

Greg Brown gregbrown at mindspring.com
Wed Aug 14 22:07:22 EDT 2002


Hey everyone.  I found this interesting command in a recent Linux Journal 
article.  It's a zsh command that I run via a cron job once a day.  The 
output of the command lists any executable file that has changed in the last 
24 hours.  I write the output to a file then e-mail that to myself daily.  
This way, if someone does manage to hack my system and install a trojan horse 
- or a trojan horse is installed via a hacked rpm or something - I'll see 
which files changed.  I suppose it would be a good idea to write these files 
to a MySQL database so I can watch which files change over time but I'll get 
around to that at a later date.

Here is the command that outputs the executables that have changed:

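#!/bin/zsh
# Glob qualifiers: (*) executable plain files, (.) plain files,
# (m-1) modified less than one day ago; print -l prints one path per line.
print -l /**/*(*.m-1)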

Cheers,

Greg
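
The daily check described in the post, extended to keep a record between runs, as an added example that is not part of the original post or the Linux Journal article. It assumes POSIX sh with GNU sha256sum; the function names and the state-file argument are hypothetical. It compares content hashes rather than mtime, so a file whose timestamp was set back still shows up.

```sh
#!/bin/sh
# Added example: hash-based version of the "which executables changed" cron job.

# snapshot ROOT: print "<sha256>  <path>" for every regular file under ROOT
# that has any execute bit set, sorted by path. -xdev (an assumption of this
# example) keeps find on one filesystem so /proc and network mounts are skipped.
snapshot() {
    find "$1" -xdev -type f \( -perm -100 -o -perm -010 -o -perm -001 \) \
        -exec sha256sum {} + 2>/dev/null | LC_ALL=C sort -k2
}

# changed OLD NEW: compare two snapshot files and print one line per
# difference: "ADDED path", "CHANGED path" or "REMOVED path".
changed() {
    awk '
        # Split "<hash>  <path>" so that paths containing spaces survive.
        { h = $1; sub(/^[^ ]+  /, "") }
        FILENAME == ARGV[1] { old[$0] = h; next }
        { seen[$0] = 1
          if (!($0 in old))      print "ADDED " $0
          else if (old[$0] != h) print "CHANGED " $0 }
        END { for (p in old) if (!(p in seen)) print "REMOVED " p }
    ' "$1" "$2"
}

# daily_check ROOT STATE: report differences against the snapshot saved in
# STATE by the previous run, then store the new snapshot there.
# The first run has nothing to compare against and prints nothing.
daily_check() {
    root=$1
    state=$2
    new=$(mktemp) || return 1
    snapshot "$root" > "$new"
    if [ -f "$state" ]; then
        changed "$state" "$new"
    fi
    mv "$new" "$state"
}

# Run from cron as: script ROOT STATE  (mail the output as in the post).
if [ "$#" -eq 2 ]; then
    daily_check "$1" "$2"
fi
```

A state file kept on the same machine can be rewritten by whoever changed the binaries, so store it where the monitored host cannot modify it.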