This is a simple, easy-to-install, self-contained, monolithic script for monitoring activity on remote hosts. I use it on some hosts to keep an eye on things.
It uses PGP (tested with GNU Privacy Guard) to encrypt the information prior to mailing it, so you can use it to send sensitive log information (and the output of other system commands) to yourself. The email is a multi-part MIME message, with the results of your commands, file monitors, and log files as separate PGP attachments (one attachment per report).
Sendmail is not required on the target host, because it will use Net::SMTP to deliver the reports.
It's possible to write your own modules for it. Those modules are then available in your configuration as commands. The output can be emailed to you along with the other reports.
Execute system commands, useful for things like du
Monitor directories of files; regular expressions can be applied to the filename to weed out files of interest (or of non-interest).
What you'll get is a file listing with the md5 hash, size, owner, group and name. These can then be applied against a local list of filenames to locate files that have been modified.
The actual listing is emailed to you, not just the differences. This is because an intruder could modify any lists you've got on the remote host to reflect their exploits. (IMPORTANT: there is no way for this program to reliably test itself, so an intruder could modify this script to email bogus results. For this reason I recommend giving it a different name and periodically reinstalling it. I know it's not the best solution, but pretty much all programs are subject to the same problem, including the PGP program itself.) The reason it's one HUGE script, as opposed to several smaller modules, is to facilitate easy installation.
A built-in checker is supplied via the --check option: you can pipe in a PGP-encrypted packet with --check - to import the list and compare the filenames against the old list.
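The comparison described above, run on the receiving machine where the old list is kept, looks roughly like this. This is an added example, not code from maillog.pl: the column order (md5, size, owner, group, name), the function names and the sample listings are assumptions made for illustration.

```python
# Added example: the column order (md5 size owner group name) is an assumed
# format for illustration, not maillog.pl's documented output.
from typing import Dict, NamedTuple

class Entry(NamedTuple):
    md5: str
    size: int
    owner: str
    group: str

def parse_listing(text: str) -> Dict[str, Entry]:
    """Parse 'md5 size owner group name' lines into {name: Entry}."""
    entries = {}
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        # maxsplit=4 keeps spaces inside the file name intact
        md5, size, owner, group, name = line.strip().split(None, 4)
        entries[name] = Entry(md5.lower(), int(size), owner, group)
    return entries

def compare(baseline: Dict[str, Entry], current: Dict[str, Entry]) -> Dict[str, list]:
    """Return added, removed and changed files; changed lists the differing fields."""
    changed = []
    for name in sorted(baseline.keys() & current.keys()):
        fields = [f for f in Entry._fields
                  if getattr(baseline[name], f) != getattr(current[name], f)]
        if fields:
            changed.append((name, fields))
    return {
        "added": sorted(current.keys() - baseline.keys()),
        "removed": sorted(baseline.keys() - current.keys()),
        "changed": changed,
    }

# Constructed sample listings (hashes are made-up values).
BASELINE = """\
0123456789abcdef0123456789abcdef 4096 root root /bin/login
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa 512 root wheel /etc/my file.conf
ffffffffffffffffffffffffffffffff 100 root root /usr/bin/old
"""
CURRENT = """\
fedcba9876543210fedcba9876543210 4100 root root /bin/login
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa 512 www wheel /etc/my file.conf
bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb 20 root root /tmp/.hidden
"""

if __name__ == "__main__":
    print(compare(parse_listing(BASELINE), parse_listing(CURRENT)))
```

Reporting ownership and group changes alongside hash and size changes catches a file whose content is intact but whose permissions context was altered.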
This will examine system log files, mailing the results to you. It supports regular expressions to weed out log entries of non-interest. (You could also use it to email only log entries of interest, but I don't recommend that for normal use.)
It is a single, self-contained script. Unpacking is not required.
Download it, save it as maillog.pl (or any other filename you want) and run perl maillog.pl --generate >myconf.cfg to generate a configuration file.
Edit the configuration file for the host in question. (Hint: you can have several configuration files providing different levels of information, to be run at different times.) The syntax of the configuration file is pretty straightforward; it resembles a shell script with here documents.
Run it with perl maillog.pl -C myconf.cfg (from cron or command line)
Documentation is available by running perldoc maillog.pl
Questions, comments or requests? Contact us