  1. #1
    Just Joined!
    Join Date
    Apr 2011
    Posts
    38

    Writing a self-executing script


    Hello everybody!

    In order to make some tests for an IDS I need to have a self-executing script. It should run after his change of permissions by root user, or after a given time... can I do that?

    Thank you!

  2. #2
    Trusted Penguin Irithori
    Join Date
    May 2009
    Location
    Munich
    Posts
    3,390
    I don't know exactly what you mean by "his change of permissions by root user" or, more precisely, what the purpose of that could be.
    In theory, inotify (via http://inotify.aiken.cz/?section=inc...ge=doc&lang=en or http://code.google.com/p/lsyncd/) can be used to watch for IN_ATTRIB (attribute changes), and if one is detected, a script is triggered.
    But for that the script should always be in the same directory (in case of incrond: drop the "should" and replace it with "must").


    But running scripts at specific times is usually done by cron.
    You must always face the curtain with a bow.
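
Added example, not part of the thread: a minimal Python watcher for the IN_ATTRIB events mentioned in post #2, reading the Linux inotify API directly through ctypes instead of going through incrond or lsyncd. The file name job.sh, the temporary directory and the helper names are constructed for the demonstration; calling demo() returns the permission change it observed.

```python
import ctypes, os, select, stat, struct, tempfile

IN_ATTRIB = 0x00000004             # metadata change: chmod, chown, touch, ...
EVENT_HDR = struct.Struct("iIII")  # struct inotify_event: wd, mask, cookie, len
libc = ctypes.CDLL(None, use_errno=True)  # inotify wrappers are exported by libc

def open_watch(directory):
    """Return an inotify fd reporting IN_ATTRIB for entries of `directory`."""
    fd = libc.inotify_init()
    if fd < 0:
        raise OSError(ctypes.get_errno(), "inotify_init failed")
    if libc.inotify_add_watch(fd, os.fsencode(directory), IN_ATTRIB) < 0:
        err = ctypes.get_errno()
        os.close(fd)
        raise OSError(err, "inotify_add_watch failed")
    return fd

def read_events(fd, directory, timeout=1.0):
    """Return (name, mode string, executable?) for each queued IN_ATTRIB event."""
    found = []
    while select.select([fd], [], [], timeout)[0]:
        buf, off = os.read(fd, 4096), 0
        while off < len(buf):
            _wd, mask, _cookie, nlen = EVENT_HDR.unpack_from(buf, off)
            start = off + EVENT_HDR.size
            name = buf[start:start + nlen].rstrip(b"\0").decode()
            off = start + nlen
            if not (mask & IN_ATTRIB and name):
                continue  # event concerns the watched directory itself
            try:
                mode = os.stat(os.path.join(directory, name)).st_mode
            except FileNotFoundError:
                continue  # file vanished between the event and the stat
            found.append((name, stat.filemode(mode), bool(mode & 0o111)))
        timeout = 0  # after the first batch, only drain what is already queued
    return found

def demo():
    """Constructed scenario: a new script in a temp dir is made executable."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "job.sh")
        with open(path, "w") as f:
            f.write("#!/bin/sh\n")
        fd = open_watch(d)
        try:
            os.chmod(path, 0o755)
            return read_events(fd, d)
        finally:
            os.close(fd)
```

The watch is placed on the directory, not the file, which is why the script has to stay in that directory, as post #2 notes.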

  3. #3
    Just Joined!
    Join Date
    Apr 2011
    Posts
    38
    What I'd like to do is force the IDS to detect that a script was called by the owner, when actually the script was self-executed.

  4. #4
    Trusted Penguin
    Join Date
    May 2011
    Posts
    4,353
    What do you mean by "self-executed"? Do you mean that the system somehow (cron, daemon, etc.) executed it, and you want IDS (whatever that is) to detect this, if the script is owned by a given user?

  5. #5
    Just Joined!
    Join Date
    Apr 2011
    Posts
    38
    I recently installed psacct, which monitors process creation by users... If a daemon runs a script, what user related to the script's execution can I see from psacct?

    (This question is to give you a comprehensive answer)

  6. #6
    Trusted Penguin
    Join Date
    May 2011
    Posts
    4,353
    Did you try this command:
    Code:
    dump-acct /var/account/pacct
    At a quick glance, the 5th column in the output seems to reflect the UID of the user that ran/is running the process.
