#!/bin/bash
echo "Performing Audit"
find -printf "%TY-%Tm-%Td %TT %p\n" | sort -nr
This is just a starting point. Anything else I should add?
Hello,
What more (if anything) you may need to do depends on your reasons for doing this, and what information you are looking for precisely. This certainly may be perfectly adequate, it all depends on what information you regard as important, and on what it is you're trying to detect.
One thing I would point out is that find includes its own arguments for finding files which have been modified or accessed within a given time frame. Since you mention wanting to find recently modified files specifically, these options may well be worth your time to check out.
For example, to find all files beneath the current working directory which had been modified within the last five minutes, you could do the following:
$ find . -mmin -5
./.bash_history
$
To find all files modified within the last three days:
$ find . -mtime -3
.
./.bash_history
./.viminfo
$
and so on. So rather than printing out the timestamps for all files and directories, and then doing your own calculations to see what has changed, you may be able to get find to do most of the work for you (again, depending on what precisely your requirements are here).
Hope this helps !
2 Likes
I would at least add a timestamp when the 'audit' ran and who ran it.
echo "Performing Audit at $(date) by ${USER}"
....do whatever 'audit' tasks are deemed necessary
echo "Audit terminated at $(date)"
-
Does the user require privileges to traverse the file system ?
-
Presume this will be redirected to a log file.