Monitoring a server for root files and dumps – Alerting to slack

So yeah, another day at work. It sometimes happens that someone makes a fuck-up by leaving dump files on a server. It also happens that a file gets created as the root user instead of the correct sudo’d user that Apache runs as.

I’ll be fair and say that these are edge cases, mostly on some older servers and WordPress installations.

Anyway, I wanted to “fix” this fairly easily by providing some warning. As we use Slack as a really important messaging system, I thought of implementing some script/cronjob to warn us when the cases above happen.

I’m aware that there are somewhat more professional tools (like implementing something in Nagios) but who cares, this is fun.

After some searching I found this awesome bash slack script that can post messages to slack 😀
You can find it here: https://github.com/course-hero/slacktee

So, the only thing left for me to do was create a cronjob that finds files that should not be there.


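#!/bin/bash

# Root-owned web files under the production docroot, changed in the last 6 minutes.
files=$(find /home/production/www/ -user root -regex ".*\.\(php\|json\|html\|htaccess\)" -mmin -6)
status=$?   # save find's exit status now; the next assignment would reset $? to 0

text="FAILURE ON X-CLOUD AT $HOSTNAME : I have found ROOT files on PRODUCTION!"

if [[ $status != 0 ]]; then
    echo "bad command"
elif [[ $files ]]; then
    # Quoted, so every file stays on its own line in the Slack message.
    printf '%s\n%s\n' "$text" "$files" | /usr/local/bin/slacktee.sh -a "danger"
fi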

It is really that simple. I also extended it a little bit but the result is something like this:

[Image: slack bot sql]
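
An added example, not the author's extended script: the same check with a stamp file and `-newer` instead of `-mmin -6`, so a skipped cron run misses nothing and each file is reported once. It goes beyond the script above by also flagging the dump files mentioned at the start; the dump extensions, the stamp path and the function names are assumptions.

```bash
#!/bin/bash
# Added example, not the author's script. Assumptions: the dump extensions,
# the stamp-file path and the function names are hypothetical.
SLACKTEE="${SLACKTEE:-/usr/local/bin/slacktee.sh}"   # path from the post

# List web files owned by user $2, plus dump files of any owner, under $1.
# If stamp file $3 exists, only files modified after it are listed.
find_suspect_files() {
    local dir="$1" owner="$2" stamp="$3"
    set -- "$dir" -type f
    if [ -e "$stamp" ]; then set -- "$@" -newer "$stamp"; fi
    find "$@" \( \
        \( -user "$owner" -regex '.*\.\(php\|json\|html\|htaccess\)' \) \
        -o -regex '.*\.\(sql\|sql\.gz\|dump\)' \
        \) -printf '%u\t%p\n'
}

# Scan, alert, and move the stamp forward only when the whole run worked,
# so a failed find or a failed Slack post is retried on the next cron run.
run_check() {
    local dir="$1" owner="$2" stamp="$3" hits
    touch "$stamp.new" || return 1      # taken before the scan: no blind window
    if ! hits=$(find_suspect_files "$dir" "$owner" "$stamp"); then
        echo "find failed on $dir" >&2
        rm -f "$stamp.new"
        return 1
    fi
    if [ -n "$hits" ]; then
        printf 'Suspect files on %s under %s:\n%s\n' \
            "${HOSTNAME:-$(uname -n)}" "$dir" "$hits" |
            "$SLACKTEE" -a "danger" || { rm -f "$stamp.new"; return 1; }
    fi
    mv "$stamp.new" "$stamp"
}

# Cron entry point: pass the directory to watch as the first argument.
# The stamp lives in a root-owned directory that must already exist.
if [ -n "${1:-}" ]; then
    run_check "$1" root /var/lib/rootwatch/stamp
fi
```

Keep the stamp file in a directory only root can write to; in a world-writable location another user could pre-create or backdate it and hide files from the scan.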