System security has always been a matter of most computer users. In the UNIX system, the most important thing is, that is, there is "Trojan Horse" in the system. No matter how Trojan Horse is put in, it will always constantly, that is, the file that is placed in Trojans, the file date will be changed, and there will even be other state changes. In addition, in many cases, there will be some unknown files. Therefore, the state of the entire archive system is changed on weekdays, and all states have changed files, and there are currently those who are being implemented, automatically report to the system administrator, is a good way to sit on "Trojans". -------------------------------------------------- ------------------------------ #! / bin / sh # filename: whatver_you_name_it DIRS = "/ etc / home / bin / Sbin / usr / bin / usr / sbin / usr / local / var / you_directory "admin =" email@your.domain.com "from =" admin@your.domain.com "# 写 入 s 的 标 e" SUBJECT : $ Hostname FileSystem Check "> /TMP/Today.mail Echo" from "from" from ">> /TMP/Today.mail echo" to: $ admin ">> /tmp/today.mail echo" this is FileSystem Report Comes From $ hostname ">> /TMP/Today.mail # Report the program currently executing PS AXF >> /TMP/Today.mail # file system Check Echo" File System Check ">> /TMP/Today.mail LS -ALR $ DIRS | GZIP -9> /TMP/Today.gz zdiff /tmp/today.gz /tmp/yesterday.gz >> /tmp/today.mail mv -f /tmp/today.gz /tmp/yesterday.gz # Send mail sendmail -t / dev / null 2> / dev / null check Some files are fixed to be more movable, like / var / log / messages, / var / log / syslog, / DEV / TTYX, etc., don't be too big.
