Hm, I'm not at all good at shell-scripting. Same holds true for
the security-business. Therefore my ideas might be bullshit.
> Hi - I have a college assignment with some typically college like vague
> One of them is to write a shell script that will do the following:
> Find Dormant Accounts
> Monitoring of key system files to make sure all is well (doesn't say which
> and the lecturer isn't interested in telling!)
> Parse and format it all in a suitable way....
> I *think* it may be able to be done using the following:
> to check for dormant accounts :
> maybe use find and the -atime (?) switch to see if the files INSIDE the
> account have been accessed within a given time limit.
This would give You *exactly* that. But of what possible use
would it be? A cracker owning one account would probably fake
some activity once and again. If You set the time interval
too narrow, You will get a bunch of employees on holidays.
Might be a good start, but if I were You I would include a
possibility to feed some sort of table into the script (which You'd
receive from the HR-Dept. in the real world) which lists the guys
that work in Your company. The remains would be easier to overlook.
You could sell that to Your prof, I suppose.
> for the monitoring of system files :
> create a log file containing a list of all key system files and their
> use SED or AWK to strip out the useless information. Should give a log file
> with all the correct sizes in. Now write a script to take each line of the
> log file and compare the logged size with the actual size
> Parsing and Formatting should be more of the above using AWK and SED
Hm, do You want to test whether someone tampered with Your logs
or do You want to get a message when sth. phony is going on? To
accomplish the first You would normally set up a dedicated log-
server without real IP-address, non-reachable from the outside
world (look at, I think, Linux Gazette to see how to do that).
For the second: Make a list of things You want to watch, write a
script and cron it, make htmled output and lynx it on the screen.
You can even have more than one file then, giving the admin the
possibility to take a look at strange log-ins, irregular
packages, snort-alarms or all-in-one.
Now, that's what I'd think of as useful, but it might not meet
Your prof's requirements.
> Trouble is - I really don't know how to do this stuff - I'm very new with
> linux - especially scripting.... are there any websites with scripts that
> will do this sort of thing? Or are there any people out there who just
> *love* writing scripts and are feeling generous <g>
(Just in Case)
> Any help is much appreciated!
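
The dormant-account check discussed in this thread (find with -atime, cross-checked against a staff table), as an added example that is not part of the original messages. It assumes one home directory per login under a common root and a roster file with one login name per line; the function name and the output labels are made up for illustration.

```shell
#!/bin/sh
# Added example, not from the thread.
# Assumed layout: HOME_ROOT/<login>/ per account, ROSTER = one login per line
# (the table the reply suggests getting from HR).

# dormant_accounts HOME_ROOT DAYS ROSTER
# Prints "<login> <status>" for every account whose home directory holds no
# regular file accessed within the last DAYS days.
#   on-roster      dormant, but a known employee (holiday, leave, ...)
#   NOT-on-roster  dormant and unknown to HR: review this one first
dormant_accounts() {
    home_root=$1
    days=$2
    roster=$3
    for home in "$home_root"/*/; do
        [ -d "$home" ] || continue          # glob matched nothing
        login=$(basename "$home")
        # One recently read file is enough to call the account active.
        # An empty home directory therefore counts as dormant.
        recent=$(find "$home" -type f -atime -"$days" 2>/dev/null | head -n 1)
        [ -n "$recent" ] && continue
        # -x whole line, -F fixed string: "bob" must not match "bobby".
        if grep -qxF -- "$login" "$roster"; then
            echo "$login on-roster"
        else
            echo "$login NOT-on-roster"
        fi
    done
}

# Command-line use: script.sh /home 30 roster.txt
if [ "$#" -eq 3 ]; then
    dormant_accounts "$@"
fi
```

On a filesystem mounted with noatime the access times never advance, so every account would show up as dormant; check the mount options before trusting the output.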