Linux Training

Linux training for private, public & voluntary sector.

0800 024 8425

City LinUX sample scripts - chkftpd

NAME

chkftpd - checks remote ftpd logs for dropped links and refused ports, if problems are found the scripts raises alerts and starts tcpdump on the remote host.

SYNOPSIS

chkftpd [ -c <client host> ] [ -d ] [ -e <mail rcpt> ] [ -l ] [ -r <runtime(secs) ] [ -t ] [ -T <sms number> ] [ -v ] <hostname> | -h .b r

AVAILABILITY

chkftpd is a Bourne shell script which should work equally well on all versions of UNIX, Mac OSX and Linux.

DESCRIPTION

chkftpd checks the ftpd logs on a remote host. If problems are found then the systems operators are notified by e-mail and optionally by SMS text message. Tcpdump is started on the remote host and attempts to record relevant network packets for later analysis.

OPTIONS

-c <client host> Use the ftp client host name or IP to filter packets collected by tcpdump .

-d Switch to debug mode.

-e <e-mail address> Use email address for alerts in preference to the default hard coded in the script.

-h    if used on its own the manual page is invoked. Using -h    in combination with other options is an error. The command syntax is printed to standard error and the script terminates.

-l    Use the system logging facility to log the start of chkftpd and again to log the identification of a problem.

"-r #" Set the duration, in seconds for which tcpdump will run. The default value is 120 seconds.

-t Put chkftpd in test mode. Alerts will be sent regardless of whether or not problems are detected.

-T <phone number> Send SMS text alerts to phone number

-v    Set verbose mode. Ordinarily chkftpd operates silently unless problems are detected. In verbose mode chkftpd reports on every significant action.

EXAMPLES

chkftpd -c 10.0.0.3 -r 300 -T 01159999999 -e user@addr.com

Check the ftpd logs on host qsl. If problems are detected notify user@addr.com, text 0115 599 9999 and run tcpdump for 5 minutes filtering for packets to or from 10.0.0.3.

BUGS

The script is quite crude having been developed to address problems experienced by a City Linux client running CentOS servers at 1and1 in Germany. It does depend on very specific file and remote access permissions. Particularly it expects that where root permission is required sudo will be used. With judicious use of the debug and verbose modes, permission and configuration problems should be relatively easy to resolve. Currently chkftpd is looking for dropped links and refused PORTS, it also expects to receive the symbolic name or ip of the ftp client host involved and passes this to tcpdump . If the -c option is not used the Behaviour is uncertain.

SEE ALSO

chkdf, chkfw, clean, secscan.

AUTHOR

Clifford W Fulford, City Linux. Contact fulford@fulford.net or +44 (0)709 229 5385.


The layout and associated style sheets for this page are taken from the World Wide Web Consortium and used here under the W3C software licence.