How would I be able to come to know that files/directories in a parent directory have been accessed (meaning the contents of a file have just been viewed) by the user(s) in a group, and mail the name(s) of the files/directories which have been accessed recently, in the past 1 or 2 minutes, with the name of the user who viewed the files/directories?
How will I write a script for this?
Please answer this QUESTION ASAP, as I have been after this problem for the past 15 days and I didn't get any perfect answer.
Hey Varun,
Hope you guys are doing great!!
Once again I don't have any *NIX box with me, so I am just giving one logic by which you will get your answer.
-------------------------------------------------------------
#!/bin/bash
## List all the files which one accessed since last 1 min #####
for file_dir in `find <parent-dir> -atime -1`
do
### Find out the PID for that files which one been accessed
pid=`fuser -f $file_dir`
### Find out the owner/user name for that Process
### Replace the $access_user_filed with the filed no from the ps -ef
### command
user=`ps -ef | grep $pid | awk { print $access_user_filed }`
echo " $file_dir access by the $user " >> File_Access_List "
mail -s " File Access List " user@yourdomain.com < File_Access_List
done
Hey,
Please clarify my doubt.
What is $access_user_filed, used in the following command?
user=`ps -ef | grep $pid | awk { print $access_user_filed }`
In ps -ef we have the following columns:
UID PID PPID C STIME TTY TIME CMD
Are you talking about UID or anything else?
When I run the script it gives me the following error:
AccessLogMonitor_script[11]: 0403-057 Syntax error at line 23 : `"' is not matched.
And my script, as per your suggestions, is:
---------------------------------------------------------------------
#SCRIPT TO CHECK WHO HAS ACCESSED THE LOG/FILE IN PAST 'N' MINUTES, AND MAIL ACCORDINGLY.
MYPATH="/clocal/mqbrkrs/user/mqsiadm/sanjay/"
MAIL_RECIPIENTS="abc@xyz.com"
Subject="File accessed in last few minutes are ::"
>tempmail.txt
>tempfind.txt
## List all the files which one accessed since last 1 min #####
for file_dir in `find $MYPATH -amin -1`
do
### Find out the PID for that files which one been accessed
pid = `fuser -f $file_dir`
### Find out the owner/user name for that Process
### Replace the $access_user_filed with the filed no from the ps -ef
### command
user = `ps -ef | grep $pid | awk { print $1 }`
echo " $file_dir access by the $user " >> tempmail.txt "
done
If you are on Linux, you can turn on auditing using auditd. Commands like auditctl, ausearch and aureport may be able to help you. If you are on Solaris, you can turn on BSM.
I am not on AIX, but a search produced this. You might want to take a look. Some people here are on AIX (aigles?), so hope they can provide you some insights...
### Find out the owner/user name for that Process
### Replace the $access_user_filed with the filed no from the ps -ef
### command
user = `ps -ef | grep $pid | awk '{ print $1 }'` (I think you need the single quotes here?)
echo " $file_dir access by the $user " >> tempmail.txt " (here you have 3 " characters)
done
#SCRIPT TO CHECK WHO HAS ACCESSED THE LOG/FILE IN PAST 'N' MINUTES, AND MAIL ACCORDINGLY.
MYPATH="/clocal/mqbrkrs/user/sanjay/"
MAIL_RECIPIENTS="abc@def.com"
Subject="File accessed in last few minutes are ::"
>tempmail.txt
>tempfind.txt
## List all the files which one accessed since last 1 min #####
for file_dir in `find $MYPATH -amin -1`
do
### Find out the PID for that files which one been accessed
pids=''
#fuser -f "$file_dir" > tempfind.txt
#pid=$(tr -dc "[:digit:]\n" < tempfind.txt)
pids=`fuser -f "$file_dir" | tr -dc "[:digit:]"`
echo "$pids"
### Skip files that no process has open right now (an empty pattern would match every ps line)
[ -z "$pids" ] && continue
### Find out the owner/user name for that Process
### Replace the $access_user_filed with the filed no from the ps -ef
### command
user=`ps -ef | grep -w "$pids" | awk '{ print $1 }'`
echo " $file_dir access by the $user " >> tempmail.txt
done
All the scripts are using fuser, which will send you an alert only if the script runs when the user is accessing the file. As porter has already mentioned, it will give no details for access in the interval between script invocations. Suggest checking out the link that ghostdog74 has posted.
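The auditd route suggested in the thread records every access between script runs, which the fuser loops cannot do. The sketch below is an added example, not code from any post: it joins the SYSCALL and PATH records of each audit event into "who read what" lines. The watch path `/srv/watched`, the key `filewatch`, the function names and the sample records are all constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes a Linux host running auditd with a
# read watch loaded as root (path and key name are placeholders):
#   auditctl -w /srv/watched -p r -k filewatch
# and the matching records pulled with:
#   ausearch -k filewatch -ts recent --raw

# Constructed sample records in raw audit.log layout (trimmed, not real log data).
sample_records() {
cat <<'EOF'
type=SYSCALL msg=audit(1700000000.101:501): syscall=257 success=yes exit=3 items=1 pid=1201 auid=1001 uid=1001 comm="cat" exe="/usr/bin/cat" key="filewatch"
type=CWD msg=audit(1700000000.101:501): cwd="/home/u1"
type=PATH msg=audit(1700000000.101:501): item=0 name="/srv/watched/app.log" inode=77 nametype=NORMAL
type=SYSCALL msg=audit(1700000030.555:502): syscall=257 success=no exit=-13 items=1 pid=1302 auid=1002 uid=1002 comm="less" exe="/usr/bin/less" key="filewatch"
type=PATH msg=audit(1700000030.555:502): item=0 name="/srv/watched/secret.cfg" inode=78 nametype=NORMAL
type=SYSCALL msg=audit(1700000045.002:503): syscall=257 success=yes exit=3 items=1 pid=1410 auid=1001 uid=0 comm="cat" exe="/usr/bin/cat" key="filewatch"
type=PATH msg=audit(1700000045.002:503): item=0 name="/srv/watched/app.log" inode=77 nametype=NORMAL
EOF
}

# Join each SYSCALL record (who) with the PATH records of the same event (what).
# Prints: auid uid command success path
access_report() {
    awk '
    function val(key,    i, v) {          # value of key=... on the current line
        for (i = 3; i <= NF; i++)
            if (index($i, key "=") == 1) {
                v = substr($i, length(key) + 2)
                gsub(/"/, "", v)
                return v
            }
        return ""
    }
    $1 == "type=SYSCALL" {
        who[$2] = val("auid") " " val("uid") " " val("comm") " " val("success")
    }
    $1 == "type=PATH" && ($2 in who) && val("nametype") != "PARENT" {
        print who[$2], val("name")
    }'
}

sample_records | access_report
```

The first column is the audit login UID (auid), which stays with the session across su or sudo, so the third sample event is still attributed to user 1001 even though it ran as uid 0. Denied reads (success=no) are reported as well.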