IWATCH TECHNOLOGY

INTRODUCTION

    There are a number of excellent tools to check filesystem integrity; they are
    an essential part of your system security.
    These tools allow us to detect unwanted manipulation of our system and report it
    to the system administrator.
    However, the administrator will not know about the unauthorized change or the
    intrusion into the system until the tool scans the filesystem again, maybe in the
    next few hours or on the next day; it depends on the schedule of when and how
    often we run the filesystem integrity checker.
    It is very important to know about an intrusion as soon as possible. It can avoid
    big damage if you can react right after the break-in, not hours later.
    Unfortunately the current filesystem integrity checkers don't have the
    functionality to alert the system administrator immediately after the filesystem's
    integrity is broken.
    This is the reason why iWatch was developed: it tries to fill this gap.
    iWatch monitors the filesystem's integrity in realtime and will send an alarm
    immediately to the system administrator when there is any change in the
    monitored filesystem.

IWATCH TECHNOLOGY

    iWatch is a realtime filesystem monitoring program.
    Its purpose is to monitor any changes in a specific directory or file and send an
    email notification immediately after the change.
    This can be very useful to watch a sensitive file or directory against any changes,
    like the files /etc/passwd and /etc/shadow or the directory /bin, or to monitor the
    root directory of a website against any unwanted changes.
    This application is written in Perl and needs inotify support in Linux kernel >=
    2.6.13. It also needs the following third party Perl modules: Linux::Inotify2,
    Event, Mail::Sendmail and XML::Simple. You can get all these modules from
    CPAN as usual.
    iWatch can be executed in two modes. The first mode is daemon mode, where you
    use an xml configuration file containing a list of directories and files (targets) to
    monitor.
    The second mode is command line mode, where you run it without a
    configuration file; you just put the necessary information (target to watch,
    email, exception, recursivity, events to monitor and command to execute) on the
    command line. The options for both modes can't be mixed together.
    In the xml configuration file, each target can have its own email contact point.
    This contact point will get an email notification for any changes in the monitored
    targets. You can monitor a directory recursively, and you can also set up a list of
    exceptions for directories/files inside a monitored directory that you don't want
    to monitor. It is also possible to disable email notification and instead set up a
    command to be executed if an event occurs. By default iWatch only monitors the
    following events: close_write, create, delete, move, delete_self and move_self.
    But you can specify any possible events, like access, attrib, modify, all_events and
    default.

DESIGN OF IWATCH

     The iWatch is as fanciful a design as you could wish for. The concept timepiece is
     a wrist-sized iPhony, a tiny iPod Touch on a strap. It’s also gorgeous.
     The design is from the Italian ADR Studio, and exists only in the world of
     Photoshop. The main screen, seen above, shows the time, date and weather
     (Rome’s looking very inviting this month). The gallery goes on to show the
     Bluetooth syncing options (to iPad and iPhone but not a computer, oddly) and a
     picture of the iWatch throwing a projected movie onto a wall (hell, it’s a concept
     design: why not dream a little?) Read the specs and you learn that there will also
     be an RSS reader, Wi-Fi and 16GB memory.
     ADR Studio has "tried to imagine a new Apple style product," called the iWatch.
     It has an aluminum casing, with 16GB of internal storage and connects to iPhones
     or iPads by Wi-Fi or Bluetooth. It could answer calls that come through on the
     iPhone in your pocket, or display RSS feeds, weather or photos. An inbuilt pico
     projector for beaming photos and video sounds awesome but my wrist feels sore
     already just thinking of being held up in order to project a full movie.



USING IWATCH

    In the daemon mode iWatch has the following options:

    Usage: iwatch [-d] [-f <config file>] [-p <pid file>] [-v]

        -d  Execute the application as a daemon. iWatch will run in the foreground
            without this option.
        -f  Specify an alternate xml configuration file. By default, iWatch will
            read /etc/iwatch.xml as its configuration file.
        -p  Specify an alternate pid file (default: /var/run/iwatch.pid)
        -v  Verbose mode.



    In the command line mode iWatch has the following options:

    Usage: iwatch [-c command] [-e event[,event[,..]]] [-h|--help] [-m <email address>]
           [-r] [-s <on|off>] [-t filter] [-v] [--version] [-x exception]
           [-X regex exception] <target>

    Target is the directory or file you want to monitor.

    -c command
        You can specify a command to be executed if an event occurs. You can use
        the following special strings in the command:
            %f  Full path of the file that received the event
            %p  Program name (iWatch)
            %v  Version number

    -e event[,event[,..]]
        Specify a list of events you want to watch. The following events are available:

        access       : file was accessed
        modify       : file was modified
        attrib       : file attributes changed
        close_write  : file closed, after being opened in writeable mode
        close_nowrite: file closed, after being opened in read-only mode
        close        : file closed, regardless of read/write mode
        open         : file was opened
        moved_from   : file was moved out of the watched directory
        moved_to     : file was moved into the watched directory
        move         : a file/dir within the watched directory was moved
        create       : a file was created within the watched directory
        delete       : a file was deleted within the watched directory
        delete_self  : the watched file was deleted
        unmount      : the filesystem on which the watched file exists was unmounted
        q_overflow   : event queue overflowed
        ignored      : file was ignored
        isdir        : event occurred against a directory
        oneshot      : only send the event once
        all_events   : all events
        default      : close_write, create, delete, move, delete_self and move_self

    -h, --help
        Print this help.

    -m <email address>
        Specify the contact point's email address. Without this option, iwatch will not
        send any email notification.

    -r
        Watch the directory recursively.

    -s <on|off>
        Enable or disable reports to syslog (default is off/disabled).

    -t <filter string>
        Specify a filter string (regex) to compare with the file or directory name. iWatch
        will report events only if the file/directory name matches the filter string.

    -v
        Verbose mode.

    --version
        Print the version number.

    -x exception
        Specify a file or directory which should not be watched.

    -X <regex string as exception>
        Specify a regex string as exception.


EXAMPLE OF CONFIGURATION FILE

<config>
  <guard email="myadmin@localhost" name="IWatch"></guard>
  <watchlist>
    <title>Public Website</title>
    <contactpoint email="webmaster@localhost" name="Web Master"/>
    <path type="single">/var/www/localhost/htdocs</path>
    <path type="single" syslog="on">/var/www/localhost/htdocs/About</path>
    <path type="recursive">/var/www/localhost/htdocs/Photos</path>
  </watchlist>
  <watchlist>
    <title>Operating System</title>
    <contactpoint email="admin@localhost" name="Administrator"/>
    <path type="recursive">/etc/apache2</path>
    <path type="single">/etc/passwd</path>
    <path type="recursive">/etc/mail</path>
    <path type="exception">/etc/mail/statistics</path>
    <path type="single" filter="shadow|passwd">/etc</path>
  </watchlist>
  <watchlist>
    <title>Only Test</title>
    <contactpoint email="root@localhost" name="Administrator"/>
    <path type="single" alert="off" exec="(w;ps -ef)|mail -s %f root@localhost">/tmp/dir1</path>
    <path type="single" events="access,close" alert="off" exec="(w;ps -ef)|mail -s %f root@localhost">/tmp/dir2</path>
    <path type="single" events="default,access" alert="off" exec="(w;ps -ef)|mail -s '%f is accessed' root@localhost">/tmp/dir3</path>
    <path type="single" events="all_events" alert="off">/tmp/dir4</path>
  </watchlist>
</config>

With this configuration, iwatch will monitor the single directory /var/www/localhost/htdocs
without its subdirectories, and any notification will be sent to the contact point
webmaster@localhost. But it will monitor the whole directory tree of /etc/apache2,
including any subdirectories created after iWatch is started. You can also use an
exception here if you don't want to get notifications for a file or subdirectory inside the
monitored directory.


EXAMPLE OF THE COMMAND LINE MODE

iwatch /tmp
  monitor changes in the /tmp directory with the default events

iwatch -r -e access,create -m cahya@localhost -x /etc/mail /etc
  monitor only access and create events in the /etc directory recursively, with /etc/mail as
  an exception, and send email notifications to cahya@localhost.

iwatch -r -c "(w;ps -ef)|mail -s '%f was changed' cahya@localhost" /bin
  monitor the /bin directory recursively and execute the command on each event.

iwatch -r -X '.svn' ~/projects
  monitor the ~/projects directory recursively, but exclude any .svn directories inside. This
  can't be done with a normal '-x' option, since '-x' can only exclude one defined path.
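To make the matching rules of the configuration file and of the command line options (-r, -m, -e, -t, -x, -X, -c, -s) concrete, here is an added Python model; it is not part of iWatch (which is written in Perl) and does not touch inotify. It parses a constructed, trimmed copy of the configuration file shown above into watches and decides, for an event on a path, who gets mailed, what goes to syslog and which command would run with %f substituted; the rule that type="exception" paths apply to every other path of the same watchlist, the "<version>" placeholder and the sample paths are assumptions of this model.

```python
import re
import xml.etree.ElementTree as ET
from dataclasses import dataclass, field
from typing import Optional

# Events iWatch watches when none are requested (see the -e option above).
DEFAULT_EVENTS = {"close_write", "create", "delete", "move", "delete_self", "move_self"}


def expand_events(spec):
    """Expand an events= attribute or -e list; 'default' stands for DEFAULT_EVENTS."""
    events = set()
    for name in (spec or "default").split(","):
        events |= DEFAULT_EVENTS if name.strip() == "default" else {name.strip()}
    return events


@dataclass
class Watch:
    """One target; fields map onto the CLI options -r, -m, -e, -t, -x, -X, -c, -s."""
    path: str
    recursive: bool = False
    contact: Optional[str] = None
    events: set = field(default_factory=lambda: set(DEFAULT_EVENTS))
    name_filter: Optional[str] = None
    exceptions: list = field(default_factory=list)
    regex_exceptions: list = field(default_factory=list)
    alert: bool = True
    exec_cmd: Optional[str] = None
    syslog: bool = False

    def covers(self, target):
        """Does an event on `target` fall inside this watch?"""
        base = self.path.rstrip("/")
        rel = target[len(base) + 1:] if target.startswith(base + "/") else None
        if target != base and (rel is None or (not self.recursive and "/" in rel)):
            return False  # outside the target, or below a type="single" target
        # -x / type="exception": that exact path and everything below it is skipped.
        for exc in (e.rstrip("/") for e in self.exceptions):
            if target == exc or target.startswith(exc + "/"):
                return False
        # -X: a regex matched anywhere in the path, so '.svn' catches every .svn dir.
        if any(re.search(rx, target) for rx in self.regex_exceptions):
            return False
        # -t / filter=: only names matching the regex are reported.
        return not self.name_filter or re.search(self.name_filter, target.rsplit("/", 1)[-1]) is not None


def parse_config(xml_text):
    """Build Watch objects from an iwatch.xml document. Modelling assumption:
    type="exception" paths apply to every other path of the same <watchlist>."""
    watches = []
    for wl in ET.fromstring(xml_text).findall("watchlist"):
        cp = wl.find("contactpoint")
        paths = wl.findall("path")
        exceptions = [p.text.strip() for p in paths if p.get("type") == "exception"]
        for p in paths:
            if p.get("type") != "exception":
                watches.append(Watch(
                    path=p.text.strip(), recursive=p.get("type") == "recursive",
                    contact=None if cp is None else cp.get("email"),
                    events=expand_events(p.get("events")), name_filter=p.get("filter"),
                    exceptions=exceptions, alert=p.get("alert", "on") != "off",
                    exec_cmd=p.get("exec"), syslog=p.get("syslog") == "on"))
    return watches


def dispatch(watches, target, event, version="<version>"):
    """Actions for `event` on `target`: ("mail", addr), ("syslog", path), ("exec", cmd)."""
    actions = []
    for w in watches:
        if (event in w.events or "all_events" in w.events) and w.covers(target):
            if w.alert and w.contact:
                actions.append(("mail", w.contact))
            if w.syslog:
                actions.append(("syslog", target))
            if w.exec_cmd:  # %f, %p and %v are the placeholders documented for -c
                cmd = w.exec_cmd.replace("%f", target).replace("%p", "iWatch")
                actions.append(("exec", cmd.replace("%v", version)))
    return actions


# Constructed sample: a trimmed copy of the configuration file shown above.
SAMPLE_CONFIG = """<config>
 <watchlist>
  <contactpoint email="webmaster@localhost" name="Web Master"/>
  <path type="single">/var/www/localhost/htdocs</path>
  <path type="single" syslog="on">/var/www/localhost/htdocs/About</path>
 </watchlist>
 <watchlist>
  <contactpoint email="admin@localhost" name="Administrator"/>
  <path type="recursive">/etc/mail</path>
  <path type="exception">/etc/mail/statistics</path>
  <path type="single" filter="shadow|passwd">/etc</path>
 </watchlist>
</config>"""
WATCHES = parse_config(SAMPLE_CONFIG)
# Constructed: the command line example  iwatch -r -c "..." /bin  as a Watch.
BIN_WATCH = Watch("/bin", recursive=True, exec_cmd="(w;ps -ef)|mail -s '%f was changed' cahya@localhost")
```

Running `dispatch(WATCHES, "/etc/mail/statistics", "close_write")` returns nothing because of the exception, while the same event on /etc/shadow is mailed to admin@localhost because it matches the filter on the single /etc watch.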


iWatch is very simple to use. Suppose you want to watch for changes in the /etc filesystem;
you just need to run it in the console

$ iwatch /etc

and iwatch will tell you if something changes in this directory. If you want to be
notified by email:

$ iwatch -m admin@smsgw.local /etc

In this case, the admin will get an email notification (maybe you can use your SMS gateway
account, so you will be alerted immediately anytime and anywhere). And if you want to
monitor many different directories you can use a configuration file. This configuration
file is an xml file with an easily understandable structure.


<config>
 <guard email="iwatch@localhost" name="iWatch"/>
 <watchlist>
  <title>Operating System</title>
  <contactpoint email="admin@localhost" name="admin"/>
  <path type="single">/etc</path>
  <path type="single">/sbin</path>
  <path type="recursive">/dev</path>
  <path type="exception">/dev/pts</path>
 </watchlist>
 <watchlist>
  <title>Website</title>
  <contactpoint email="webmaster@localhost" name="webmaster"/>
  <path type="recursive">/var/www/localhost/htdocs</path>
 </watchlist>
</config>

IWATCH CONCEPT IS LIKE AN IPHONE ON YOUR WRIST




This iWatch concept is designed to pair up with your iPhone, sharing information and
allowing you to see all sorts of information without pulling your phone out of your
pocket. And it's pretty damned slick.

The watch, which would connect to your phone via Bluetooth, would have 16GB of
internal storage and would allow you to do things like answer calls via it, display RSS
feeds, show you the weather or let you flip through photos. There's also a built-in pico
projector for letting you show videos on a nearby wall.

FEATURES

    runs in command line mode as well as in daemon mode
    uses an easy xml configuration file
    can watch a directory recursively, including newly created subdirectories
    can have a list of exceptions
    can use a regex to compare the file/directory name
    can execute a command if an event occurs
    sends email
    reports to syslog
    prints time stamps




CONCLUSION

    Thus iWatch is a realtime monitoring system, and will send an alarm immediately
    to the system administrator when there is any change in the monitored
    filesystem. It is mainly useful for administrators to protect their systems.

More Related Content

Similar to Iwatch tech 1

Vista Forensics
Vista ForensicsVista Forensics
Vista ForensicsCTIN
 
7 unixsecurity
7 unixsecurity7 unixsecurity
7 unixsecurityricharddxd
 
IzPack at LyonJUG'11
IzPack at LyonJUG'11IzPack at LyonJUG'11
IzPack at LyonJUG'11julien.ponge
 
Trouble shoot with linux syslog
Trouble shoot with linux syslogTrouble shoot with linux syslog
Trouble shoot with linux syslogashok191
 
MacOS forensics and anti-forensics (DC Lviv 2019) presentation
MacOS forensics and anti-forensics (DC Lviv 2019) presentationMacOS forensics and anti-forensics (DC Lviv 2019) presentation
MacOS forensics and anti-forensics (DC Lviv 2019) presentationOlehLevytskyi1
 
Writing Swift code with great testability
Writing Swift code with great testabilityWriting Swift code with great testability
Writing Swift code with great testabilityJohn Sundell
 
How to recognise that the user has just uninstalled your app
How to recognise that the user has just uninstalled your appHow to recognise that the user has just uninstalled your app
How to recognise that the user has just uninstalled your appAleksander Piotrowski
 
How to recognise that the user has just uninstalled your android app droidc...
How to recognise that the user has just uninstalled your android app   droidc...How to recognise that the user has just uninstalled your android app   droidc...
How to recognise that the user has just uninstalled your android app droidc...Przemek Jakubczyk
 
How to recognise that the user has just uninstalled your android app
How to recognise that the user has just uninstalled your android appHow to recognise that the user has just uninstalled your android app
How to recognise that the user has just uninstalled your android appPrzemek Jakubczyk
 
Kqueue : Generic Event notification
Kqueue : Generic Event notificationKqueue : Generic Event notification
Kqueue : Generic Event notificationMahendra M
 
Lamp1
Lamp1Lamp1
Lamp1Reka
 
Lamp
LampLamp
LampReka
 

Similar to Iwatch tech 1 (20)

Edubooktraining
EdubooktrainingEdubooktraining
Edubooktraining
 
Vista Forensics
Vista ForensicsVista Forensics
Vista Forensics
 
7 unixsecurity
7 unixsecurity7 unixsecurity
7 unixsecurity
 
File access auditing
File access auditingFile access auditing
File access auditing
 
IzPack at LyonJUG'11
IzPack at LyonJUG'11IzPack at LyonJUG'11
IzPack at LyonJUG'11
 
Trouble shoot with linux syslog
Trouble shoot with linux syslogTrouble shoot with linux syslog
Trouble shoot with linux syslog
 
Ch23 system administration
Ch23 system administration Ch23 system administration
Ch23 system administration
 
MacOS forensics and anti-forensics (DC Lviv 2019) presentation
MacOS forensics and anti-forensics (DC Lviv 2019) presentationMacOS forensics and anti-forensics (DC Lviv 2019) presentation
MacOS forensics and anti-forensics (DC Lviv 2019) presentation
 
Writing Swift code with great testability
Writing Swift code with great testabilityWriting Swift code with great testability
Writing Swift code with great testability
 
Download It
Download ItDownload It
Download It
 
How to recognise that the user has just uninstalled your app
How to recognise that the user has just uninstalled your appHow to recognise that the user has just uninstalled your app
How to recognise that the user has just uninstalled your app
 
How to recognise that the user has just uninstalled your android app droidc...
How to recognise that the user has just uninstalled your android app   droidc...How to recognise that the user has just uninstalled your android app   droidc...
How to recognise that the user has just uninstalled your android app droidc...
 
How to recognise that the user has just uninstalled your android app
How to recognise that the user has just uninstalled your android appHow to recognise that the user has just uninstalled your android app
How to recognise that the user has just uninstalled your android app
 
11i Logs
11i Logs11i Logs
11i Logs
 
Kqueue : Generic Event notification
Kqueue : Generic Event notificationKqueue : Generic Event notification
Kqueue : Generic Event notification
 
Tutorial 2
Tutorial 2Tutorial 2
Tutorial 2
 
Linux filesystemhierarchy
Linux filesystemhierarchyLinux filesystemhierarchy
Linux filesystemhierarchy
 
Lamp1
Lamp1Lamp1
Lamp1
 
Lamp1
Lamp1Lamp1
Lamp1
 
Lamp
LampLamp
Lamp
 

Recently uploaded

The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...HostedbyConfluent
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 

Recently uploaded (20)

The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 

Iwatch tech 1

  • 1. IWATCH TECHNOLOGY INTRODUCTION There are a number of excellent tools to check filesystem integrity; they are essential part of your system security. These tools allow us to detect unwanted manipulation on our system and report it to the system administrator. However, the administrator will not know about the unauthorized change or the intrusion in to the system until this tool scan the filesystem again, maybe in next few hours or in the next day, it depends on the schedule when and how often we run this filesystem integrity checker. It is very important to know about the intrusion as soon as possible. It can avoid big damage if you can react right after the break, not hours later. Unfortunately the current filesystem integrity checkers don't have the functionality to alert the system administrator immediately after filesystem's integrity is broken. This is the reason why iWatch was developed, it tries to fill this gap. iWatch monitor the filesystem's integrity in realtime and will send alarm immediately to the system administrator when there is any changes in the monitored filesystem. IWATCH TECHNOLOGY iWatch is a realtime filesystem monitoring program. Its purpose is to monitor any changes in a specific directory or file and send email notification immediately after the change. This can be very useful to watch a sensible file or directory against any changes, like files /etc/passwd,/etc/shadow or directory /bin or to monitor the root directory of a website against any unwanted changes. This application is written in Perl and need inotify support in Linux kernel >= 2.6.13. And it needs also following third party perl modules: Linux::Inotify2, Event, Mail::Sendmail and XML::Simple. You can have all this modules from cpan as usual. iWatch can be executed in two modes, the first mode is daemon mode where you can use an xml configuration file, and put a list of directories and files (targets) to monitor. 
And the second mode is command line mode where you can run it without a configuration file, you just need to put the necessary information (target to watch,
  • 2. email, exception, recursivity, events to monitor and command to execute) in the command line. The options for both modes can't be mixed together. In the xml configuration file, each target can have its own email contact point. This contact point will get an email notification for any changes in the monitored targets. You can monitor a directory recursively, and you can also setup a list of exceptions where you don't want to monitor directory/file inside a monitored directory. It is also possible to disable email notification, and instead setup a command to be executed if an event occurs. Per default iWatch only monitor following events: close_write, create, delete, move, delete_self and move_self. But you can specify any possible events, like access, attrib, modify all_events and default. DESIGN OF IWATCH The iWatch is as fanciful a design as you could wish for. The concept timepiece is a wrist-sized iPhony, a tiny iPod Touch on a strap. It’s also gorgeous. The design is from the Italian ADR Studio, and exists only in the world of Photoshop. The main screen, seen above, shows the time, date and weather (Rome’s looking very inviting this month). The gallery goes on to show the Bluetooth syncing options (to iPad and iPhone but not a computer, oddly) and a picture of the iWatch throwing a projected movie onto a wall (hell, it’s a concept design: why not dream a little?) Read the specs and you learn that there will also be an RSS reader, Wi-Fi and 16GB memory. ADR Studio has "tried to imagine a new Apple style product," called the iWatch. It has an aluminum casing, with 16GB of internal storage and connects to iPhones or iPads by Wi-Fi or Bluetooth. It could answer calls that come through on the iPhone in your pocket, or display RSS feeds, weather or photos. An inbuilt pico projector for beaming photos and video sounds awesome but my wrist feels sore already just thinking of being held up in order to project a full movie. 
USING IWATCH

    In the daemon mode iWatch has the following options:

    Usage: iwatch [-d] [-f <config file>] [-p <pid file>] [-v]

    -d    Execute the application as a daemon. Without this option iWatch will
          run in the foreground.
    -f    Specify an alternate xml configuration file. By default, iWatch will
          read /etc/iwatch.xml as its configuration file.
    -p    Specify an alternate pid file (default: /var/run/iwatch.pid).
    -v    Verbose mode.

    In the command line mode iWatch has the following options:

    Usage: iwatch [-c command] [-e event[,event[,..]]] [-h|--help]
                  [-m <email address>] [-r] [-s <on|off>] [-t filter] [-v]
                  [--version] [-x exception] [-X regex] <target>

    Target is the directory or file you want to monitor.

    -c command
          You can specify a command to be executed if an event occurs. You can
          use the following special strings in the command:
            %f  Full path of the filename that gets an event
            %p  Program name (iWatch)
            %v  Version number
    -e event[,event[,..]]
          Specify a list of events you want to watch. The possible events are:
            access       : file was accessed
            modify       : file was modified
            attrib       : file attributes changed
            close_write  : file closed, after being opened in writeable mode
            close_nowrite: file closed, after being opened in read-only mode
            close        : file closed, regardless of read/write mode
            open         : file was opened
            moved_from   : file was moved away from the watched directory
            moved_to     : file was moved into the watched directory
            move         : a file/dir within the watched directory was moved
            create       : a file was created within the watched directory
            delete       : a file was deleted within the watched directory
            delete_self  : the watched file was deleted
            unmount      : file system on which the watched file exists was
                           unmounted
            q_overflow   : event queue overflowed
            ignored      : file was ignored
            isdir        : event occurred against a directory
            oneshot      : only send the event once
            all_events   : all events
            default      : close_write, create, delete, move, delete_self and
                           move_self
    -h, --help
          Print this help.
    -m <email address>
          Specify the contact point's email address. Without this option, iwatch
          will not send any email notification.
    -r    Watch the directory recursively.
    -s <on|off>
          Enable or disable reports to the syslog (default is off/disabled).
    -t <filter string>
          Specify a filter string (regex) to compare with the file or directory
          name. Events are reported only if the file/directory name matches the
          filter string.
    -v    Verbose mode.
    --version
          Print the version number.
    -x exception
          Specify a file or directory which should not be watched.
    -X <regex string as exception>
          Specify a regex string as exception.

EXAMPLE OF CONFIGURATION FILE

    <config>
      <guard email="myadmin@localhost" name="IWatch"></guard>
      <watchlist>
        <title>Public Website</title>
        <contactpoint email="webmaster@localhost" name="Web Master"/>
        <path type="single">/var/www/localhost/htdocs</path>
        <path type="single" syslog="on">/var/www/localhost/htdocs/About</path>
        <path type="recursive">/var/www/localhost/htdocs/Photos</path>
      </watchlist>
      <watchlist>
        <title>Operating System</title>
        <contactpoint email="admin@localhost" name="Administrator"/>
        <path type="recursive">/etc/apache2</path>
        <path type="single">/etc/passwd</path>
        <path type="recursive">/etc/mail</path>
        <path type="exception">/etc/mail/statistics</path>
        <path type="single" filter="shadow|passwd">/etc</path>
      </watchlist>
      <watchlist>
        <title>Only Test</title>
        <contactpoint email="root@localhost" name="Administrator"/>
        <path type="single" alert="off" exec="(w;ps -ef)|mail -s %f root@localhost">/tmp/dir1</path>
        <path type="single" events="access,close" alert="off" exec="(w;ps -ef)|mail -s %f root@localhost">/tmp/dir2</path>
        <path type="single" events="default,access" alert="off" exec="(w;ps -ef)|mail -s '%f is accessed' root@localhost">/tmp/dir3</path>
        <path type="single" events="all_events" alert="off">/tmp/dir4</path>
      </watchlist>
    </config>

    With this configuration, iwatch will monitor the single directory
    /var/www/localhost/htdocs without its subdirectories, and any notification
    will be sent to the contact point webmaster@localhost. But it will monitor the
    whole directory tree of /etc/apache2, including any subdirectories created
    after iWatch is started. You can also use an exception here if you don't want
    to get notifications for a file or subdirectory inside the monitored
    directory.

EXAMPLE OF THE COMMAND LINE MODE

    iwatch /tmp
        monitor changes in the /tmp directory with the default events

    iwatch -r -e access,create -m cahya@localhost -x /etc/mail /etc
        monitor only access and create events in the /etc directory recursively,
        with /etc/mail as exception, and send email notifications to
        cahya@localhost

    iwatch -r -c "(w;ps -ef)|mail -s '%f was changed' cahya@localhost" /bin
        monitor the /bin directory recursively and execute the command
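    To make the single/recursive/exception/filter semantics of the configuration
    concrete, here is an added example (not code from iWatch itself) that parses a
    config in the format above and answers, for a given path, which contact points
    would be notified. The sample config is constructed from the example above with
    the "Only Test" watchlist left out. The matching rules are assumptions modelled
    on the description: a "single" watch covers the target and its direct children
    (what one inotify watch on a directory sees), a "recursive" watch covers the
    whole subtree, an exception silences its watchlist for anything at or below
    the excepted path, and the filter regex is compared with the file or directory
    name only.

```python
import re
import xml.etree.ElementTree as ET
from dataclasses import dataclass, field
from posixpath import basename, dirname
from typing import List, Optional

# Constructed sample: the example configuration above without the "Only Test"
# watchlist (that one turns alerts off and runs a command instead).
SAMPLE_CONFIG = """<config>
  <guard email="myadmin@localhost" name="IWatch"/>
  <watchlist>
    <title>Public Website</title>
    <contactpoint email="webmaster@localhost" name="Web Master"/>
    <path type="single">/var/www/localhost/htdocs</path>
    <path type="recursive">/var/www/localhost/htdocs/Photos</path>
  </watchlist>
  <watchlist>
    <title>Operating System</title>
    <contactpoint email="admin@localhost" name="Administrator"/>
    <path type="recursive">/etc/apache2</path>
    <path type="single">/etc/passwd</path>
    <path type="recursive">/etc/mail</path>
    <path type="exception">/etc/mail/statistics</path>
    <path type="single" filter="shadow|passwd">/etc</path>
  </watchlist>
</config>"""


@dataclass
class WatchPath:
    target: str
    recursive: bool
    filter: Optional[re.Pattern] = None  # regex applied to the file/dir name


@dataclass
class WatchList:
    title: str
    contact: str
    paths: List[WatchPath] = field(default_factory=list)
    exceptions: List[str] = field(default_factory=list)


def parse_config(xml_text: str) -> List[WatchList]:
    """Turn an iwatch-style <config> document into WatchList objects."""
    root = ET.fromstring(xml_text)
    lists = []
    for wl in root.findall("watchlist"):
        cp = wl.find("contactpoint")
        entry = WatchList(
            title=wl.findtext("title", default=""),
            contact=cp.get("email", "") if cp is not None else "",
        )
        for p in wl.findall("path"):
            kind = p.get("type", "single")
            target = (p.text or "").strip().rstrip("/") or "/"
            if kind == "exception":
                entry.exceptions.append(target)
                continue
            flt = re.compile(p.get("filter")) if p.get("filter") else None
            entry.paths.append(WatchPath(target, kind == "recursive", flt))
        lists.append(entry)
    return lists


def _under(path: str, top: str) -> bool:
    """True if path is top itself or lies anywhere below it."""
    return path == top or path.startswith(top.rstrip("/") + "/")


def watch_covers(wp: WatchPath, path: str) -> bool:
    """Assumed rule: single = target or a direct child; recursive = whole subtree.
    The filter, when present, is matched against the name only, not the full path."""
    if wp.recursive:
        hit = _under(path, wp.target)
    else:
        hit = path == wp.target or dirname(path) == wp.target
    if hit and wp.filter is not None:
        hit = wp.filter.search(basename(path)) is not None
    return hit


def contacts_for(lists: List[WatchList], path: str) -> List[str]:
    """Sorted, de-duplicated contact addresses notified for an event on path."""
    hits = set()
    for wl in lists:
        if any(_under(path, exc) for exc in wl.exceptions):
            continue  # an exception silences this watchlist for the path
        if any(watch_covers(wp, path) for wp in wl.paths):
            hits.add(wl.contact)
    return sorted(hits)


if __name__ == "__main__":
    table = parse_config(SAMPLE_CONFIG)
    for p in ["/etc/shadow", "/etc/hosts", "/etc/mail/statistics",
              "/etc/apache2/sites-enabled/000-default.conf"]:
        print(p, "->", contacts_for(table, p) or "no notification")
```

    Running it shows the practical difference between the two path types: an event
    on /etc/hosts triggers nothing, because /etc is only watched through the
    shadow|passwd filter, while anything anywhere under /etc/apache2 reaches the
    administrator. It also shows why the exception entry matters: /etc/mail is
    recursive, so without it the frequently rewritten /etc/mail/statistics would
    generate a steady stream of mail.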
    iwatch -r -X '.svn' ~/projects
        monitor the ~/projects directory recursively, but exclude any .svn
        directories inside. This can't be done with the normal '-x' option, since
        '-x' can only exclude one defined path.

    iWatch is very simple to use. Suppose you want to watch for changes in /etc;
    you just need to run it in the console:

    $ iwatch /etc

    and iwatch will tell you if something changes in this directory. And if you
    want to be notified by email:

    $ iwatch -m admin@smsgw.local /etc

    In this case, the admin will get an email notification (maybe you can use your
    SMS gateway account, so you will be alarmed immediately, anytime and anywhere).
    And if you want to monitor many different directories you can use a
    configuration file. This configuration file is an xml file with an easily
    understandable structure.

    <config>
      <guard email="iwatch@localhost" name="iWatch"/>
      <watchlist>
        <title>Operating System</title>
        <contactpoint email="admin@localhost" name="admin"/>
        <path type="single">/etc</path>
        <path type="single">/sbin</path>
        <path type="recursive">/dev</path>
        <path type="exception">/dev/pts</path>
      </watchlist>
      <watchlist>
        <title>Website</title>
        <contactpoint email="webmaster@localhost" name="webmaster"/>
        <path type="recursive">/var/www/localhost/htdocs</path>
      </watchlist>
    </config>
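    Two details of the command line mode and the exec attribute above deserve a
    worked illustration: how the event names expand (the "default", "all_events",
    "close" and "move" names each stand for several basic inotify events), and how
    the %f, %p and %v placeholders are substituted into the command. The following
    is an added example, not iWatch's own code. The event table is taken from the
    option list above; the version string "0.0-example" and the file names are
    constructed. The one design choice worth noting is that %f is shell-quoted
    before substitution: the exec command is run through a shell, so a file name
    containing a space or a shell metacharacter would otherwise be split into
    several arguments, and the alert mail would carry a mangled subject.

```python
import re
import shlex

# Basic inotify event names from the -e option list above.
BASIC_EVENTS = frozenset([
    "access", "modify", "attrib", "close_write", "close_nowrite", "open",
    "moved_from", "moved_to", "create", "delete", "delete_self", "move_self",
])
# Flags that are also accepted but are not part of all_events.
OTHER_FLAGS = frozenset(["unmount", "q_overflow", "ignored", "isdir", "oneshot"])
# Names that stand for several events (default is the set iWatch uses when
# no -e option or events attribute is given).
ALIASES = {
    "close": ("close_write", "close_nowrite"),
    "move": ("moved_from", "moved_to"),
    "default": ("close_write", "create", "delete", "move", "delete_self", "move_self"),
    "all_events": tuple(sorted(BASIC_EVENTS)),
}


def _expand(name: str) -> set:
    """Recursively expand an alias; 'default' contains 'move', which is itself an alias."""
    if name in ALIASES:
        out = set()
        for sub in ALIASES[name]:
            out |= _expand(sub)
        return out
    if name not in BASIC_EVENTS and name not in OTHER_FLAGS:
        raise ValueError("unknown event: %r" % name)
    return {name}


def resolve_events(spec: str) -> frozenset:
    """Expand a '-e a,b,c' or events="a,b,c" list into basic event names."""
    wanted = set()
    for name in (n.strip() for n in spec.split(",")):
        if name:
            wanted |= _expand(name)
    return frozenset(wanted)


def render_command(template: str, path: str, version: str = "0.0-example") -> str:
    """Substitute %f (quoted for the shell), %p and %v in one pass, so a
    substituted value is never re-scanned for further placeholders."""
    subs = {"f": shlex.quote(path), "p": "iWatch", "v": version}
    return re.sub(r"%([fpv])", lambda m: subs[m.group(1)], template)


if __name__ == "__main__":
    print(sorted(resolve_events("default")))
    print(sorted(resolve_events("access,close")))
    # Constructed file name with a space and a semicolon in it.
    print(render_command("(w;ps -ef)|mail -s %f root@localhost", "/tmp/dir1/a file;b"))
```

    One caveat follows from the quoting: a template that already wraps the
    placeholder in quotes, as in mail -s '%f is accessed' above, expects a raw
    substitution, so quoting has to be done either in the template or by the
    program, not both.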
IWATCH CONCEPT IS LIKE AN IPHONE ON YOUR WRIST

    This iWatch concept is designed to pair up with your iPhone, sharing
    information and allowing you to see all sorts of information without pulling
    your phone out of your pocket. And it's pretty damned slick.
    The watch, which would connect to your phone via Bluetooth, would have 16GB of
    internal storage and would allow you to do things like answer calls via it,
    display RSS feeds, show you the weather or let you flip through photos. There's
    also a built-in pico projector for letting you show videos on a nearby wall.
FEATURES

    - runs in command line mode as well as in daemon mode using an easy xml
      configuration file
    - can watch a directory recursively, including newly created directories
    - can have a list of exceptions
    - can use a regex to compare the file/directory name
    - can execute a command if an event occurs
    - sends email
    - reports to syslog
    - prints a time stamp

CONCLUSION

    Thus iWatch is a realtime monitoring system, and will send an alarm
    immediately to the system administrator when there is any change in the
    monitored filesystem. It is mainly useful for helping people protect their
    systems.