Hello there now i will teach you how to monitor a website files to track and react to any type of events like a MOD or a DELETE or WRITE event in those files you can expand the python code to make it better for example you can create a routine that writes the log into a file this way the tutorial wont require stdbuf for sending output to the log anyways here we go hope it helps you:
[root@localhost rafael]# dnf install python-pip
Last metadata expiration check: 2:29:38 ago on Thu 16 Aug 2018 09:18:22 AM EDT.
Package python2-pip-9.0.3-2.fc26.noarch is already installed, skipping.
Dependencies resolved.
Nothing to do.
Complete!
Proceed now as regular user
[rafael@localhost ~]$ pip install pyinotify
Collecting pyinotify
Downloading https://files.pythonhosted.org/packages/e3/c0/fd5b18dde17c1249658521f69598f3252f11d9d7a980c5be8619970646e1/pyinotify-0.9.6.tar.gz (60kB)
100% |████████████████████████████████| 61kB 390kB/s
Installing collected packages: pyinotify
Running setup.py install for pyinotify … done
Successfully installed pyinotify-0.9.6
[rafael@localhost ~]$
Now we do some python coding also check that some events are not needed for example
import sys
import pyinotify
from datetime import datetime
#find “$PWD” | grep -v logs
#copy paste XLS
#delete whitespaces
#sed -r ‘s/\s+//g’ files_to_monitor.txt > final.txt
#copy paste to this code.
#stdbuf -oL python monitor.py > FSmonitor.log &
class MyEventHandler(pyinotify.ProcessEvent):
def process_IN_ACCESS(self, event):
date = datetime.now().strftime(“%y-%m-%d %H-%M-%S”)
print date,”ACCESS event:”, event.pathname
def process_IN_ATTRIB(self, event):
date = datetime.now().strftime(“%y-%m-%d %H-%M-%S”)
print date,”ATTRIB event:”, event.pathname
def process_IN_CLOSE_WRITE(self, event):
date = datetime.now().strftime(“%y-%m-%d %H-%M-%S”)
print date,”CLOSE_WRITE event:”, event.pathname
def process_IN_CREATE(self, event):
date = datetime.now().strftime(“%y-%m-%d %H-%M-%S”)
print date,”CREATE event:”, event.pathname
def process_IN_DELETE(self, event):
date = datetime.now().strftime(“%y-%m-%d %H-%M-%S”)
print date,”DELETE event:”, event.pathname
def process_IN_MODIFY(self, event):
date = datetime.now().strftime(“%y-%m-%d %H-%M-%S”)
print date,”MODIFY event:”, event.pathname
def main():
# watch manager
wm = pyinotify.WatchManager()
wm.add_watch([‘/var/log/messages’, ‘/var/log/lastlog’, ‘/var/log/cron’, ‘/var/log/secure’, ‘/var/log/dnf.librepo.log’, ‘/var/log/dnf.log’ ],
pyinotify.ALL_EVENTS, rec=True)
# event handler
eh = MyEventHandler()
# notifier
notifier = pyinotify.Notifier(wm, eh)
notifier.loop()
if __name__ == ‘__main__’:
main()
We would need to connect to the mail server by CLI for the alarm sending set the following at:
[root@localhost rafael]# tail /etc/mail.rc
# Configuration for sending ALARMS
set smtp=smtp://mail.xxxxxx.com
set smtp-auth=login
set smtp-auth-user=xxxxxx@xxxx.com
set smtp-auth-password=xxxxxxxxxxxxxxx
Now we can do a bash script sending email trigger alert:
#!/bin/bash
#monitor script
#Author: Rafael E Rumbos S
unset line_counter_of_filesystem_log
unset application_modification_tracker
line_counter_of_filesystem_log=`wc -l /home/italerts/FSmonitor.log | awk ‘{ print $1 }’`
application_modification_tracker=0
if [ $line_counter_of_filesystem_log -gt $application_modification_tracker ]; then
web_app=”/Website_to_monitor/”
content1=`date`
content2=`hostname`
logfile=”/home/italerts/permanent_FS_LOG.log”
cat /home/italerts/FSmonitor.log >> /home/italerts/permanent_FS_LOG.log
>/home/italerts/FSmonitor.log
echo $content1 ” — ” $content2 ” — ” $line_counter_of_filesystem_log lines in the Web application tracker outside of the limit Please check “—>” $web_app “—” check the log at $logfile | mail -v -s “ALARM from Filesystem Integrity system” your_account@somedomain.com
else
echo nada que hacer
fi
Also notice that we are using a 2 LOGS logic, this to avoid spamming the emails accounts with unnecessary alerts, when the event trigger it send the alert then at the script the routine cleans the log so when you set this in Cron table it wont trigger every time.