From 833d3c4255bb149c4cd61e3cac0ee0b557723977 Mon Sep 17 00:00:00 2001 From: Tom Ryder Date: Tue, 10 Jul 2018 15:26:50 +1200 Subject: Rename README to .md --- README.markdown | 37 ------------------------------------- README.md | 37 +++++++++++++++++++++++++++++++++++++ 2 files changed, 37 insertions(+), 37 deletions(-) delete mode 100644 README.markdown create mode 100644 README.md diff --git a/README.markdown b/README.markdown deleted file mode 100644 index f1c5a3a..0000000 --- a/README.markdown +++ /dev/null @@ -1,37 +0,0 @@ -Nwatch -====== - -Slightly friendlier version of the suggested script in the manual page for -[`ndiff(1)`](http://linux.die.net/man/1/ndiff) from the -[Nmap](http://nmap.org/) suite, implemented in Bash. - -Usage: - - $ nwatch HOSTLIST CACHEDIR - -Example with root privileges: - - # nwatch /etc/nwatch.mynet /var/cache/nwatch/mynet - -Prints the results of an `ndiff(1)` call against the last known scan to stdout; -intended to be called from `cron(8)`: - - 0 0 * * 0 nwatch /etc/nwatch.mynet /var/cache/nwatch/mynet - -I recommend you use -[Mail::Run::Crypt](https://metacpan.org/pod/Mail::Run::Crypt), so you don't -leak your network information in plain text in your email. - -Please also consider whether your scan actually requires root privileges, and -could not instead be run by a dedicated user with appropriately limited -privileges. - -License -------- - -Copyright (c) [Tom Ryder](https://sanctum.geek.nz/). Distributed under -[GPLv2](https://www.gnu.org/licenses/gpl-2.0.html), same as Nmap itself; see -`LICENSE`. - -Nmap is a registered trademark of Insecure.Com LLC, and this project is not -affiliated with it. diff --git a/README.md b/README.md new file mode 100644 index 0000000..f1c5a3a --- /dev/null +++ b/README.md 
@@ -0,0 +1,37 @@ +Nwatch +====== + +Slightly friendlier version of the suggested script in the manual page for +[`ndiff(1)`](http://linux.die.net/man/1/ndiff) from the +[Nmap](http://nmap.org/) suite, implemented in Bash. + +Usage: + + $ nwatch HOSTLIST CACHEDIR + +Example with root privileges: + + # nwatch /etc/nwatch.mynet /var/cache/nwatch/mynet + +Prints the results of an `ndiff(1)` call against the last known scan to stdout; +intended to be called from `cron(8)`: + + 0 0 * * 0 nwatch /etc/nwatch.mynet /var/cache/nwatch/mynet + +I recommend you use +[Mail::Run::Crypt](https://metacpan.org/pod/Mail::Run::Crypt), so you don't +leak your network information in plain text in your email. + +Please also consider whether your scan actually requires root privileges, and +could not instead be run by a dedicated user with appropriately limited +privileges. + +License +------- + +Copyright (c) [Tom Ryder](https://sanctum.geek.nz/). Distributed under +[GPLv2](https://www.gnu.org/licenses/gpl-2.0.html), same as Nmap itself; see +`LICENSE`. + +Nmap is a registered trademark of Insecure.Com LLC, and this project is not +affiliated with it. -- cgit v1.2.3 From 2ede5a472390a8240440d157ba32caafbea83c77 Mon Sep 17 00:00:00 2001 From: Tom Ryder Date: Tue, 10 Jul 2018 15:27:27 +1200 Subject: Remove imposed structure It's only two files; let's not overdo it. --- bin/nwatch | 76 ------------------------------------------------- nwatch | 76 +++++++++++++++++++++++++++++++++++++++++++++++++ nwatch.1 | 37 ++++++++++++++++++++++++ share/man/man1/nwatch.1 | 37 ------------------------ 4 files changed, 113 insertions(+), 113 deletions(-) delete mode 100755 bin/nwatch create mode 100755 nwatch create mode 100644 nwatch.1 delete mode 100644 share/man/man1/nwatch.1 diff --git a/bin/nwatch b/bin/nwatch deleted file mode 100755 index eb28a52..0000000 --- a/bin/nwatch +++ /dev/null 
@@ -1,76 +0,0 @@ -#!/usr/bin/env bash - -# -# nwatch(1) -- Slightly friendlier version of the suggested script in the -# manual page for ndiff(1) from the Nmap suite, implemented in Bash. -# -# Usage: -# $ nwatch HOSTLIST CACHEDIR -# Example with root privileges: -# # nwatch /etc/nwatch.mynet /var/cache/nwatch/mynet -# -# Prints the results of an ndiff(1) call against the last known scan to stdout; -# intended to be called from cron(8): -# 0 0 * * 0 nwatch /etc/nwatch.mynet /var/cache/nwatch/mynet -# -# I recommend you use Mail::Run::Crypt, so you don't leak your network -# information in plain text in your email: -# -# -# Please also consider whether your scan actually requires root privileges, and -# could not instead be run by a dedicated user with appropriately limited -# privileges. -# -# Author: Tom Ryder -# Copyright: 2014 -# License: GPLv2 (same as Nmap itself) -# - -# Defensive umask by default; change at your own risk! -umask 0077 - -# Some fixed values -self=nwatch -hostlist=${1:?} -cachedir=${2:?} -latest=$cachedir/${self}.scan.latest - -# If the cachedir doesn't exist, attempt to create it, otherwise give up -if [[ ! -d "$cachedir" ]] ; then - if ! mkdir -- "$cachedir" ; then - exit 1 - fi -fi - -# Today's values -date=$(date +%s) -cache=$cachedir/${self}.scan.${date} -diff=$cachedir/${self}.diff.${date} - -# Run the scan or give up -if ! nmap -v -T4 -sV --open -iL "$hostlist" -oA "$cache" >/dev/null ; then - exit 1 -fi - -# If the link to the XML file is legible, run the diff or give up -if [[ -r ${latest}.xml ]] ; then - ndiff -- "$latest".xml "$cache".xml > "$diff" - - # Because we always want a report, only exit if an actual error condition - # (1 means there's a meaningful diff in the scans) - if (($? 
== 2)) ; then - exit 1 - fi -fi - -# Create or update the links -rm -f "${cache/$date/latest}".* -for cachetype in "$cache".* ; do - ln -s -- "$cachetype" "${cachetype/$date/latest}" -done - -# Write diff to stdout if it exists (not an error if it doesn't) -if [[ -r $diff ]] ; then - cat -- "$diff" -fi - diff --git a/nwatch b/nwatch new file mode 100755 index 0000000..eb28a52 --- /dev/null +++ b/nwatch 
@@ -0,0 +1,76 @@ +#!/usr/bin/env bash + +# +# nwatch(1) -- Slightly friendlier version of the suggested script in the +# manual page for ndiff(1) from the Nmap suite, implemented in Bash. +# +# Usage: +# $ nwatch HOSTLIST CACHEDIR +# Example with root privileges: +# # nwatch /etc/nwatch.mynet /var/cache/nwatch/mynet +# +# Prints the results of an ndiff(1) call against the last known scan to stdout; +# intended to be called from cron(8): +# 0 0 * * 0 nwatch /etc/nwatch.mynet /var/cache/nwatch/mynet +# +# I recommend you use Mail::Run::Crypt, so you don't leak your network +# information in plain text in your email: +# +# +# Please also consider whether your scan actually requires root privileges, and +# could not instead be run by a dedicated user with appropriately limited +# privileges. +# +# Author: Tom Ryder +# Copyright: 2014 +# License: GPLv2 (same as Nmap itself) +# + +# Defensive umask by default; change at your own risk! +umask 0077 + +# Some fixed values +self=nwatch +hostlist=${1:?} +cachedir=${2:?} +latest=$cachedir/${self}.scan.latest + +# If the cachedir doesn't exist, attempt to create it, otherwise give up +if [[ ! -d "$cachedir" ]] ; then + if ! mkdir -- "$cachedir" ; then + exit 1 + fi +fi + +# Today's values +date=$(date +%s) +cache=$cachedir/${self}.scan.${date} +diff=$cachedir/${self}.diff.${date} + +# Run the scan or give up +if ! nmap -v -T4 -sV --open -iL "$hostlist" -oA "$cache" >/dev/null ; then + exit 1 +fi + +# If the link to the XML file is legible, run the diff or give up +if [[ -r ${latest}.xml ]] ; then + ndiff -- "$latest".xml "$cache".xml > "$diff" + + # Because we always want a report, only exit if an actual error condition + # (1 means there's a meaningful diff in the scans) + if (($? 
== 2)) ; then + exit 1 + fi +fi + +# Create or update the links +rm -f "${cache/$date/latest}".* +for cachetype in "$cache".* ; do + ln -s -- "$cachetype" "${cachetype/$date/latest}" +done + +# Write diff to stdout if it exists (not an error if it doesn't) +if [[ -r $diff ]] ; then + cat -- "$diff" +fi + diff --git a/nwatch.1 b/nwatch.1 new file mode 100644 index 0000000..109d891 --- /dev/null +++ b/nwatch.1 @@ -0,0 +1,37 @@ +.TH NWATCH 1 "May 2014" "Manual page for nwatch" +.SH NAME +.B nwatch +\- slightly nicer Nmap ndiff(1) wrapper +.SH USAGE +.B nwatch +.I HOSTLIST +.I CACHEDIR +.SH SYNOPSIS +.B nwatch +/etc/nwatch.mynet +/var/cache/nwatch/mynet +.SH DESCRIPTION +.B nwatch +reads a list of hosts from +.I HOSTLIST +and runs an nmap(1) command suitable for running through ndiff(1) against those +hosts. It caches the scan output in plain text, greppable, and XML formats in +.I CACHEDIR +and then runs ndiff(1) between the last scan it can find and the current scan, +storing the output in CACHEDIR and printing it to stdout. This makes it useful +for running from cron(8): +.PP + 0 0 * * 0 nwatch /etc/nwatch.mynet /var/cache/nwatch/mynet +.PP +I recommend you use Mail::Run::Crypt, so you don't leak your network +information in plain text in your email: +https://metacpan.org/pod/Mail::Run::Crypt +.PP +Please also consider whether your scan actually requires root privileges, and +could not instead be run by a dedicated user with appropriately limited +privileges. +.SH SEE ALSO +nmap(1), ndiff(1), runcrypt(1), Mail::Run::Crypt(3) +.SH AUTHOR +Tom Ryder + diff --git a/share/man/man1/nwatch.1 b/share/man/man1/nwatch.1 deleted file mode 100644 index 109d891..0000000 --- a/share/man/man1/nwatch.1 +++ /dev/null 
@@ -1,37 +0,0 @@ -.TH NWATCH 1 "May 2014" "Manual page for nwatch" -.SH NAME -.B nwatch -\- slightly nicer Nmap ndiff(1) wrapper -.SH USAGE -.B nwatch -.I HOSTLIST -.I CACHEDIR -.SH SYNOPSIS -.B nwatch -/etc/nwatch.mynet -/var/cache/nwatch/mynet -.SH DESCRIPTION -.B nwatch -reads a list of hosts from -.I HOSTLIST -and runs an nmap(1) command suitable for running through ndiff(1) against those -hosts. It caches the scan output in plain text, greppable, and XML formats in -.I CACHEDIR -and then runs ndiff(1) between the last scan it can find and the current scan, -storing the output in CACHEDIR and printing it to stdout. This makes it useful -for running from cron(8): -.PP - 0 0 * * 0 nwatch /etc/nwatch.mynet /var/cache/nwatch/mynet -.PP -I recommend you use Mail::Run::Crypt, so you don't leak your network -information in plain text in your email: -https://metacpan.org/pod/Mail::Run::Crypt -.PP -Please also consider whether your scan actually requires root privileges, and -could not instead be run by a dedicated user with appropriately limited -privileges. -.SH SEE ALSO -nmap(1), ndiff(1), runcrypt(1), Mail::Run::Crypt(3) -.SH AUTHOR -Tom Ryder - -- cgit v1.2.3 From d6b811ddd2aeb122ebbde4964d45c6d3f8bc6d5c Mon Sep 17 00:00:00 2001 From: Tom Ryder Date: Tue, 10 Jul 2018 15:27:58 +1200 Subject: Strip trailing lines --- nwatch | 1 - nwatch.1 | 1 - 2 files changed, 2 deletions(-) diff --git a/nwatch b/nwatch index eb28a52..32a7afe 100755 --- a/nwatch +++ b/nwatch @@ -73,4 +73,3 @@ done if [[ -r $diff ]] ; then cat -- "$diff" fi - diff --git a/nwatch.1 b/nwatch.1 index 109d891..fabf548 100644 --- a/nwatch.1 +++ b/nwatch.1 @@ -34,4 +34,3 @@ privileges. nmap(1), ndiff(1), runcrypt(1), Mail::Run::Crypt(3) .SH AUTHOR Tom Ryder - -- cgit v1.2.3 From ffbe8ea91633b29e3f7ca040d3e148f34de11d10 Mon Sep 17 00:00:00 2001 
From: Tom Ryder Date: Tue, 10 Jul 2018 15:50:53 +1200 Subject: Add some ad-hoc Awk filtering to the output It may be possible to accomplish some/all of this with Nmap or Ndiff features, but I can't see how just yet. --- nwatch | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/nwatch b/nwatch index 32a7afe..c981fbc 100755 --- a/nwatch +++ b/nwatch @@ -71,5 +71,18 @@ done # Write diff to stdout if it exists (not an error if it doesn't) if [[ -r $diff ]] ; then - cat -- "$diff" + awk '/^[-+]Not shown: / { next } +/^[-+]/ { diff = 1 } +NF { lines[++l] = $0 } +function write() { + if (diff) { + for (l in lines) + print lines[l] + print "" + } + diff = l = 0 +} +!NF { write() } +END { write() } +' -- "$diff" fi -- cgit v1.2.3 From e832a637811393b2378a640088713d99e47ecde3 Mon Sep 17 00:00:00 2001 From: Tom Ryder Date: Tue, 10 Jul 2018 15:54:42 +1200 Subject: Update documentation to reflect v2.0.0 --- README.md | 4 ++-- nwatch.1 | 6 +++--- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index f1c5a3a..3df5148 100644 --- a/README.md +++ b/README.md @@ -13,8 +13,8 @@ Example with root privileges: # nwatch /etc/nwatch.mynet /var/cache/nwatch/mynet -Prints the results of an `ndiff(1)` call against the last known scan to stdout; -intended to be called from `cron(8)`: +Prints the filtered results of an `ndiff(1)` call against the last +known scan to stdout; intended to be called from `cron(8)`: 0 0 * * 0 nwatch /etc/nwatch.mynet /var/cache/nwatch/mynet diff --git a/nwatch.1 b/nwatch.1 index fabf548..d35d469 100644 --- a/nwatch.1 +++ b/nwatch.1 @@ -1,4 +1,4 @@ -.TH NWATCH 1 "May 2014" "Manual page for nwatch" +.TH NWATCH 1 "July 2018" "Manual page for nwatch" .SH NAME .B nwatch \- slightly nicer Nmap ndiff(1) wrapper 
@@ -18,8 +18,8 @@ and runs an nmap(1) command suitable for running through ndiff(1) against those hosts. It caches the scan output in plain text, greppable, and XML formats in .I CACHEDIR and then runs ndiff(1) between the last scan it can find and the current scan, -storing the output in CACHEDIR and printing it to stdout. This makes it useful -for running from cron(8): +storing the output in CACHEDIR and printing it to stdout, after an attempt at +some intelligent filtering. This makes it useful for running from cron(8): .PP 0 0 * * 0 nwatch /etc/nwatch.mynet /var/cache/nwatch/mynet .PP -- cgit v1.2.3 From 8d6599067084ce6fa4f9fbced4e401ab87583153 Mon Sep 17 00:00:00 2001 From: Tom Ryder Date: Tue, 10 Jul 2018 15:53:52 +1200 Subject: Bump VERSION --- VERSION | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/VERSION b/VERSION index 3eefcb9..227cea2 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -1.0.0 +2.0.0 -- cgit v1.2.3
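Review bot: In the new top-level `nwatch` file ("Remove imposed structure"), the link loop `ln -s -- "$cachetype" "${cachetype/$date/latest}"` stores the full `$cachedir`-prefixed path as the symlink target, so a relative CACHEDIR yields a dangling `latest` link, because the target is resolved relative to the link's own directory. The `[[ -r ${latest}.xml ]]` test then fails on every later run and the diff is silently skipped. Link to the basename instead, for example `ln -s -- "${cachetype##*/}" "${cachetype/$date/latest}"`, or reject a non-absolute CACHEDIR up front. Since the header comment shows the script being run as root, it is also worth checking that an existing CACHEDIR is not writable by other users before the `rm -f` and `ln -s` operate in it; `umask 0077` only covers files the script itself creates.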
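Review bot: In the `write()` function added to `nwatch` ("Add some ad-hoc Awk filtering to the output"), `lines` is never emptied between blocks and `for (l in lines)` walks every index still present in the array, so a changed block that follows a longer block also prints the stale tail of the earlier one. Awk also gives no ordering guarantee for `for ... in`, so even a single block can come out shuffled on some implementations. Iterate by count with a separate variable, `for (i = 1; i <= l; i++) print lines[i]`, and reset `l` afterwards; that also stops the loop from reusing the counter `l` as its index.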
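Review bot: In the `nwatch.1` DESCRIPTION hunk ("Update documentation to reflect v2.0.0"), "storing the output in CACHEDIR and printing it to stdout, after an attempt at some intelligent filtering" reads as though the stored copy is filtered too, but the script writes the raw `ndiff` output to `$diff` and applies the Awk filter only to what goes to stdout. State that the file in CACHEDIR is unfiltered, and name what the filter drops (lines matching `^[-+]Not shown: ` and any block with no other `+`/`-` line), so that someone reading the cron mail knows what it omits and where to find the full diff. The README.md hunk in the same commit has the same gap.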