Lately I’ve had quite a few requests come in from students and clients to review the audit script that companies are using to audit their Unix / Linux systems. It seems like every company has one person who, at some point in time, wrote a script to audit Unix systems, or they downloaded one from someone online. But in either case people keep wondering – exactly what information are they gathering, and is it the right information to help in an audit?
I know there are multiple languages a company could use to write their Unix audit script, but for me BASH (Bourne Again Shell) scripting has always been the way to go. I don’t have any problem with a company using Perl or Python for their scripts. My only concern is that there have been quite a few times that during an audit an interpreter for either language might not be on the system I’m auditing. And due to principle, I just don’t feel right asking a sysadmin to install an interpreter – not that they would even if I asked!
All that being said, I figured I would write up some Unix audit one liners to inspire you to write your own scripts. If you are writing your own, here are a few to get you started:
Display the name of the system:
Unix Host Name: $(hostname -s)
Display the DNS name of the system:
DNS Domain Name: $(hostname -d)
Display the CPU installed in the sytem:
CPU Model Name: $(cat /proc/cpuinfo | awk -F": " '/model name/{CPU=$2} END{print CPU}')
Display the CPU speed of the installed CPU:
CPU Speed (MHz): $(cat /proc/cpuinfo | awk '/cpu MHz/ { print $4 }')
Display the installed physical memory:
Total Physical Memory (MB): $(free -m | awk '/Mem:/ { print $2 }')
Display the memory in use on the system:
Used Physical Memory (MB): $(free -m | awk '/Mem:/ { print $3 }')
Display the available memory on the system:
Available Physical Memory (MB): $(free -m | awk '/Mem:/ { print $4 }')
We will post more one liners later this month. Hopefully this inspires you to take a look at the script you use or maybe even start writing your own.