
I've created a script from what I've found on the web to notify an SA of users being added to a server. I have it set up with a cron job to run the script every 5 minutes to monitor differences in the /var/log/secure file, but it still sends a blank email if nothing has changed. How can I edit it to not email if no changes are made? The script is below:

file="/var/log/secure"

while cmp "$file" "${file}_bkp"; do
  sleep 2
done
diff "$file" "${file}_bkp" | grep -e useradd | mailx -s "User Added On Server" email@address.com
cp "$file" "${file}_bkp"
vidarlo

1 Answer


I agree with the comment that a more performant method of checking is to monitor the /etc/passwd file instead of analyzing a log file, which could potentially be a large, intensive file to process. If /etc/passwd is detected to have changed, you could diff a backup of the file to see what has changed.

Quick example that you could customize to your exact needs.

# One-off initial Set up
md5 -q /etc/passwd > /etc/passwd.md5
cp /etc/passwd /etc/passwd.compare
# Cron job script logic
if [[ $(md5 -q /etc/passwd) != $(< /etc/passwd.md5) ]]
then
  # The passwd file has changed, do something!
  # 
  # Diff /etc/passwd with /etc/passwd.compare to get details, etc.
  # Send an alert with details
  # 
  # Prepare for the next time a change happens.
  md5 -q /etc/passwd > /etc/passwd.md5
  cp -f /etc/passwd /etc/passwd.compare
  #
fi

dgj
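The approach from the answer above, filled in so that mail goes out only when an account name was actually added. This is an added example, not code from either poster. The `PASSWD`, `SNAPSHOT` and `MAILTO` variables and the `--run` switch are assumptions, and `cmp` is used in place of the stored MD5 sum.

```shell
#!/bin/sh
# Added example: mail an alert only when accounts were added to /etc/passwd.
# The PASSWD/SNAPSHOT/MAILTO variables and the --run switch are assumptions.

# Print "name uid=N" for each account in $2 (current) missing from $1 (snapshot).
# FILENAME is compared instead of NR==FNR so an empty snapshot is handled.
new_accounts() {
    awk -F: 'FILENAME == ARGV[1] { seen[$1] = 1; next }
             $1 != "" && !($1 in seen) { print $1, "uid=" $3 }' "$1" "$2"
}

# Print the added accounts and return 0; return 1 (printing nothing) when
# there is nothing to report. The snapshot is refreshed after every change.
check_passwd() {
    passwd=$1
    snapshot=$2
    if [ ! -f "$snapshot" ]; then      # first run: create the baseline only
        cp -p "$passwd" "$snapshot"
        return 1
    fi
    cmp -s "$passwd" "$snapshot" && return 1   # identical: nothing to do
    added=$(new_accounts "$snapshot" "$passwd")
    cp -p "$passwd" "$snapshot"
    [ -n "$added" ] || return 1        # changed, but no new account name
    printf '%s\n' "$added"
}

# Cron entry point: mailx runs only if check_passwd succeeded, so no blank mail.
if [ "${1:-}" = "--run" ]; then
    if report=$(check_passwd "${PASSWD:-/etc/passwd}" "${SNAPSHOT:-/etc/passwd.compare}"); then
        printf '%s\n' "$report" |
            mailx -s "User Added On Server" "${MAILTO:-email@address.com}"
    fi
fi
```

The first run only records the baseline. Edits that add no account name, such as a changed login shell, refresh the snapshot without sending mail.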