authorTom Ryder <tom@sanctum.geek.nz>2018-07-10 15:27:27 +1200
committerTom Ryder <tom@sanctum.geek.nz>2018-07-10 15:27:27 +1200
commit2ede5a472390a8240440d157ba32caafbea83c77 (patch)
tree5a78ea35ef924f4c358094f8bd258fb92e4b280d /nwatch
parentRename README to .md (diff)
Remove imposed structure
It's only two files; let's not overdo it.
Diffstat (limited to 'nwatch')
-rwxr-xr-xnwatch76
1 files changed, 76 insertions, 0 deletions
diff --git a/nwatch b/nwatch
new file mode 100755
index 0000000..eb28a52
--- /dev/null
+++ b/nwatch
@@ -0,0 +1,76 @@
+#!/usr/bin/env bash
+
+#
+# nwatch(1) -- Slightly friendlier version of the suggested script in the
+# manual page for ndiff(1) from the Nmap suite, implemented in Bash.
+#
+# Usage:
+# $ nwatch HOSTLIST CACHEDIR
+# Example with root privileges:
+# # nwatch /etc/nwatch.mynet /var/cache/nwatch/mynet
+#
+# Prints the results of an ndiff(1) call against the last known scan to stdout;
+# intended to be called from cron(8):
+# 0 0 * * 0 nwatch /etc/nwatch.mynet /var/cache/nwatch/mynet
+#
+# I recommend you use Mail::Run::Crypt, so you don't leak your network
+# information in plain text in your email:
+# <https://metacpan.org/pod/Mail::Run::Crypt>
+#
+# Please also consider whether your scan actually requires root privileges, and
+# could not instead be run by a dedicated user with appropriately limited
+# privileges.
+#
+# Author: Tom Ryder <tom@sanctum.geek.nz>
+# Copyright: 2014
+# License: GPLv2 (same as Nmap itself)
+#
+
+# Defensive umask by default; change at your own risk!
+umask 0077
+
+# Some fixed values
+self=nwatch
+hostlist=${1:?}
+cachedir=${2:?}
+latest=$cachedir/${self}.scan.latest
+
+# If the cachedir doesn't exist, attempt to create it, otherwise give up
+if [[ ! -d "$cachedir" ]] ; then
+ if ! mkdir -- "$cachedir" ; then
+ exit 1
+ fi
+fi
+
+# Today's values
+date=$(date +%s)
+cache=$cachedir/${self}.scan.${date}
+diff=$cachedir/${self}.diff.${date}
+
+# Run the scan or give up
+if ! nmap -v -T4 -sV --open -iL "$hostlist" -oA "$cache" >/dev/null ; then
+ exit 1
+fi
+
+# If the link to the XML file is legible, run the diff or give up
+if [[ -r ${latest}.xml ]] ; then
+ ndiff -- "$latest".xml "$cache".xml > "$diff"
+
+ # Because we always want a report, only exit if an actual error condition
+ # (1 means there's a meaningful diff in the scans)
+ if (($? == 2)) ; then
+ exit 1
+ fi
+fi
+
+# Create or update the links
+rm -f "${cache/$date/latest}".*
+for cachetype in "$cache".* ; do
+ ln -s -- "$cachetype" "${cachetype/$date/latest}"
+done
+
+# Write diff to stdout if it exists (not an error if it doesn't)
+if [[ -r $diff ]] ; then
+ cat -- "$diff"
+fi
+
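Review bot: A pre-existing `$cachedir` is never checked for ownership or mode before the script removes and creates symlinks in it (the `rm -f` / `ln -s` at the "Create or update the links" step), and the header explicitly anticipates running this as root; only the freshly-created directory is protected by the `umask 0077`. If the directory was created earlier by someone else, or is group/other-writable, another local account can pre-place files or symlinks named `nwatch.scan.latest.*` that the next run follows. After the `mkdir` block I would add `[[ -O "$cachedir" ]] || exit 1` so the directory must belong to the effective user, and ideally also reject a directory whose group or other write bits are set (e.g. via `find "$cachedir" -maxdepth 0 -perm -o+w` or a `stat` mode check). A comment such as `# Refuse to reuse a cachedir we do not own; we rm and ln inside it` would document why the check exists. The whole script is contained in this hunk, so no enclosing block is cut.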