Book: Fedora™ Unleashed, 2008 edition
Using a Simple Script to Automate Tasks
You could use a simple script to examine your system log for certain keywords. If the script is run via your system's scheduling table, /etc/crontab, it can help automate security monitoring. By combining the output capabilities of existing Linux commands with the language facilities of the shell, you can quickly build a useful script to perform a task normally requiring a number of command lines. For example, you can create a short script, named greplog, like this:
#!/bin/sh
# name: greplog
# use: mail grep of designated log using keyword
# version: v.01 08aug02
#
# author: bb
#
# usage: greplog [keyword] [logpathname]
#
# bugs: does not check for correct number of arguments
#
# build report name using keyword search and date
log_report=/tmp/$1.logreport.`date '+%m%d%y'`
# build report header with system type, hostname, date and time
echo "==============================================================" >$log_report
echo " S Y S T E M   M O N I T O R   L O G" >>$log_report
# system type: run uname rather than echoing the literal command name
uname -a >>$log_report
echo "Log report for" `hostname -f` "on" `date '+%c'` >>$log_report
echo "==============================================================" >>$log_report
echo "" >>$log_report
# record log search start
echo "Search for->" $1 "starting" `date '+%r'` >>$log_report
echo "" >>$log_report
# get and save grep results of keyword ($1) from logfile ($2)
grep -i "$1" "$2" >>$log_report
# build report footer with time
echo "" >>$log_report
echo "End of" $log_report at `date '+%r'` >>$log_report
# mail report to root
mail -s "Log Analysis for $1" root <$log_report
# clean up and remove report
rm $log_report
exit 0
In this example, the script creates the variable $log_report, which will be the filename of the temporary report. The keyword ($1), the first argument on the command line, is used as part of the filename, along with the current date (a better approach is to use $$ instead of the date, which appends the script's PID as a file extension). Next, the report header, containing some formatted text, the output of the uname command, and the hostname and date, is added to the report. The start of the search is then recorded, and any matches of the keyword in the log are added to the report. A footer containing the name of the report and the time is then added. The report is mailed to root with the search term as the subject of the message, and the temporary file is deleted.
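An added example, not the book's script: a hardened greplog that fixes the two weaknesses visible in the original, the unchecked argument count admitted in its "bugs:" comment and the predictable /tmp/<keyword>.logreport.<date> filename that any local user could pre-create or symlink before the cron job runs. Report building is separated from mailing so it can be exercised on a constructed log; hostname -f is replaced with uname -n, and the keyword is matched as a literal string with grep -F (both are my choices, not the book's).

```shell
#!/bin/sh
# Hardened variant of greplog (example code, not from Fedora Unleashed).

# build_report KEYWORD LOGFILE OUTFILE
# Writes header, case-insensitive literal matches and footer to OUTFILE.
# Returns grep's status: 0 if at least one line matched, 1 if none, 2 on error.
build_report() {
    keyword=$1; logfile=$2; out=$3
    {
        echo "=============================================================="
        echo " S Y S T E M   M O N I T O R   L O G"
        uname -a
        echo "Log report for $(uname -n) on $(date '+%c')"
        echo "=============================================================="
        echo
        echo "Search for-> $keyword starting $(date '+%r')"
        echo
    } >"$out"
    # -F: treat the keyword as a literal, so "." or "[" are not regex syntax;
    # "--" stops a keyword beginning with "-" from being read as an option.
    grep -iF -- "$keyword" "$logfile" >>"$out"
    status=$?
    {
        echo
        echo "End of report at $(date '+%r')"
    } >>"$out"
    return $status
}

# count_matches KEYWORD LOGFILE: prints the number of matching lines
count_matches() {
    grep -icF -- "$1" "$2"
}

# greplog KEYWORD LOGFILE: validate arguments, build in an unpredictable
# temp file, mail root only when something matched, always clean up.
greplog() {
    if [ $# -ne 2 ] || [ ! -r "$2" ]; then
        echo "usage: greplog keyword logpathname" >&2
        return 2
    fi
    report=$(mktemp /tmp/greplog.XXXXXX) || return 1
    trap 'rm -f "$report"' EXIT
    if build_report "$1" "$2" "$report"; then
        mail -s "Log Analysis for $1" root <"$report"
    fi
}

# Run as a command only when the file itself is installed as "greplog".
case $0 in *greplog) greplog "$@" ;; esac
```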
NOTE
By default, Fedora uses the logwatch log monitoring command (actually a Perl script) in your system's /etc/cron.daily directory to generate various reports each day at 0402 (4:02 a.m.). Configure logwatch by editing the file /etc/log.d/logwatch.conf. Other system monitoring tools are included, such as tripwire. You can control system logging by editing /etc/syslog.conf.
You can test the script by running it manually and feeding it a keyword and a pathname to the system log, /var/log/messages, like this:
# greplog FAILED /var/log/messages
Note that your system should be running the syslogd daemon. If any login failures have occurred on your system, the root operator might get an email message that looks like this:
Date: Mon, 12 Nov 2007 16:23:24 -0000
From: root <[email protected]>
To: [email protected]
Subject: FAILED
==============================================================
S Y S T E M M O N I T O R L O G
Linux werewolf 2.6.23-1.41 #1 Thu Nov 8 21:41:26 EST 2007 i686 i686 i386 GNU/Linux
Log report for werewolf.hudson.com on Tue 12 Nov 2007 04:23:24 PM GMT
==============================================================
Search for-> FAILED starting 04:23:24 PM
12 16:23:04 werewolf login[1769]: FAILED LOGIN 3 FROM (null) FOR ahudson, Authentication failure
End of /tmp/FAILED.logreport.102303 at 04:23:24 PM
To further automate the process, you can include command lines using the script in another script to generate a series of searches and reports.