- 07-21-2011 #1 Just Joined!
- Join Date
- Apr 2011
- Posts
- 38
Writing a self-executing script
Hello everybody!
In order to run some tests for an IDS I need to have a self-executing script. It should run after its permissions are changed by the root user, or after a given time... Can I do that?
Thank you!
- 07-21-2011 #2
I don't know exactly what you mean by "his change of permissions by root user", or more precisely, what the purpose of that could be.
In theory, inotify (via http://inotify.aiken.cz/?section=inc...ge=doc&lang=en or http://code.google.com/p/lsyncd/) can be used to watch for IN_ATTRIB (attribute changes), and if one is detected, a script is triggered.
But for that the script should always be in the same directory (in case of incrond: drop the "should" and replace it with "must").
But running scripts at specific times is usually done by cron.
You must always face the curtain with a bow.
- 07-21-2011 #3 Just Joined!
- Join Date
- Apr 2011
- Posts
- 38
What I'd like to do is force the IDS to detect that a script was called by the owner, but actually the script was self-executed.
- 07-21-2011 #4 Linux Guru
- Join Date
- May 2011
- Posts
- 1,842
What do you mean by "self-executed"? Do you mean that the system somehow (cron, daemon, etc.) executed it, and you want IDS (whatever that is) to detect this, if the script is owned by a given user?
- 07-21-2011 #5 Just Joined!
- Join Date
- Apr 2011
- Posts
- 38
I recently installed psacct, which monitors process creation by users... If a daemon runs a script, which user related to the script's execution can I see from psacct?
(This question is to give you a comprehensive answer)
- 07-21-2011 #6 Linux Guru
- Join Date
- May 2011
- Posts
- 1,842
Did you try this command:
Code:
dump-acct /var/account/pacct
At a quick glance, the 5th column in the output seems to reflect the UID of the user that ran/is running the process.


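Added example, not part of the thread: a small Python parser that reads dump-acct output and reports which UIDs executed a given script, so a run by a daemon can be told apart from a run by the owner. The sample records are constructed, the script name test.sh and owner UID 1000 are hypothetical, and the field layout (pipe-separated, UID in the 5th column as post #6 observes) is an assumption to check against your own acct version.

```python
"""Summarise dump-acct output by UID (added example; field layout is an assumption)."""
from collections import defaultdict

# Constructed sample in a pipe-separated layout where the UID is the 5th
# field, as post #6 observes. Other acct releases may use different columns,
# so confirm UID_FIELD against your own dump-acct output.
SAMPLE = """\
test.sh         |     0.0|     0.0|     3.0|  1000|  1000|  4512.0|     0.0|Thu Jul 21 10:15:02 2011
cron            |     0.0|     0.0|     1.0|     0|     0|  2100.0|     0.0|Thu Jul 21 10:20:00 2011
test.sh         |     0.0|     0.0|     2.0|     0|     0|  4512.0|     0.0|Thu Jul 21 10:20:01 2011
garbage line without separators
"""
UID_FIELD = 4  # zero-based index of the 5th column


def parse_acct(text, uid_field=UID_FIELD):
    """Yield (command, uid) per record, skipping lines that do not parse."""
    for line in text.splitlines():
        fields = [f.strip() for f in line.split("|")]
        if len(fields) <= uid_field or not fields[uid_field].isdigit():
            continue
        yield fields[0], int(fields[uid_field])


def runs_by_uid(text, command):
    """Count how often `command` was executed under each UID."""
    counts = defaultdict(int)
    for cmd, uid in parse_acct(text):
        if cmd == command:
            counts[uid] += 1
    return dict(counts)


def unexpected_runs(text, command, owner_uid):
    """Return the UIDs other than the owner's that executed `command`."""
    return sorted(u for u in runs_by_uid(text, command) if u != owner_uid)


if __name__ == "__main__":
    for uid, n in sorted(runs_by_uid(SAMPLE, "test.sh").items()):
        print(f"test.sh ran {n}x as uid {uid}")
    print("non-owner UIDs:", unexpected_runs(SAMPLE, "test.sh", 1000))
```

To use it on real data, pass the text produced by dump-acct /var/account/pacct in place of SAMPLE.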