diff options
author | Tom Ryder <tom@sanctum.geek.nz> | 2018-07-10 15:27:27 +1200 |
---|---|---|
committer | Tom Ryder <tom@sanctum.geek.nz> | 2018-07-10 15:27:27 +1200 |
commit | 2ede5a472390a8240440d157ba32caafbea83c77 (patch) | |
tree | 5a78ea35ef924f4c358094f8bd258fb92e4b280d /nwatch | |
parent | Rename README to .md (diff) | |
download | nwatch-2ede5a472390a8240440d157ba32caafbea83c77.tar.gz nwatch-2ede5a472390a8240440d157ba32caafbea83c77.zip |
Remove imposed structure
It's only two files; let's not overdo it.
Diffstat (limited to 'nwatch')
-rwxr-xr-x | nwatch | 76 |
1 files changed, 76 insertions, 0 deletions
@@ -0,0 +1,76 @@ +#!/usr/bin/env bash + +# +# nwatch(1) -- Slightly friendlier version of the suggested script in the +# manual page for ndiff(1) from the Nmap suite, implemented in Bash. +# +# Usage: +# $ nwatch HOSTLIST CACHEDIR +# Example with root privileges: +# # nwatch /etc/nwatch.mynet /var/cache/nwatch/mynet +# +# Prints the results of an ndiff(1) call against the last known scan to stdout; +# intended to be called from cron(8): +# 0 0 * * 0 nwatch /etc/nwatch.mynet /var/cache/nwatch/mynet +# +# I recommend you use Mail::Run::Crypt, so you don't leak your network +# information in plain text in your email: +# <https://metacpan.org/pod/Mail::Run::Crypt> +# +# Please also consider whether your scan actually requires root privileges, and +# could not instead be run by a dedicated user with appropriately limited +# privileges. +# +# Author: Tom Ryder <tom@sanctum.geek.nz> +# Copyright: 2014 +# License: GPLv2 (same as Nmap itself) +# + +# Defensive umask by default; change at your own risk! +umask 0077 + +# Some fixed values +self=nwatch +hostlist=${1:?} +cachedir=${2:?} +latest=$cachedir/${self}.scan.latest + +# If the cachedir doesn't exist, attempt to create it, otherwise give up +if [[ ! -d "$cachedir" ]] ; then + if ! mkdir -- "$cachedir" ; then + exit 1 + fi +fi + +# Today's values +date=$(date +%s) +cache=$cachedir/${self}.scan.${date} +diff=$cachedir/${self}.diff.${date} + +# Run the scan or give up +if ! nmap -v -T4 -sV --open -iL "$hostlist" -oA "$cache" >/dev/null ; then + exit 1 +fi + +# If the link to the XML file is legible, run the diff or give up +if [[ -r ${latest}.xml ]] ; then + ndiff -- "$latest".xml "$cache".xml > "$diff" + + # Because we always want a report, only exit if an actual error condition + # (1 means there's a meaningful diff in the scans) + if (($? == 2)) ; then + exit 1 + fi +fi + +# Create or update the links +rm -f "${cache/$date/latest}".* +for cachetype in "$cache".* ; do + ln -s -- "$cachetype" "${cachetype/$date/latest}" +done + +# Write diff to stdout if it exists (not an error if it doesn't) +if [[ -r $diff ]] ; then + cat -- "$diff" +fi + |