How to utilize inotify command properly?


All times are UTC - 6 hours


Posted: Thu Jan 21, 2010 1:36 pm

Joined: Thu Jan 21, 2010 1:34 pm
Posts: 1
I am using inotify-tools in order to achieve my task. inotify-tools has two commands, inotifywait and inotifywatch. I am using inotifywait. I want to be able to extract the unique paths that inotifywait will output, then take those unique file paths, run them through clamscan, and quarantine the files if necessary. Here's what I have come up with so far.

The following command will output file paths to stdout (could be duplicates as well):
Code:
inotifywait -rm -e modify -e create --format '%w%f' /var/ftp


I want to use uniq -u to extract unique paths from the above output and then pass the files or filepaths through clamscan for antivirus checking.

================================
One thing I can do is redirect the inotifywait output to a file and then go through the file and get the uniq -u paths and throw them through clamscan. But when I run the following command

Code:
inotifywait -rm -e modify -e create --format '%w%f' /var/ftp > /etc/clamav/tmp/updatedfiles.txt


The output keeps appending to the txt file rather than being overwritten. I would prefer a method where I am getting an output from inotifywait, "pipe" it through uniq -u, and then redirect the output to a while statement where inside it I am "clamscanning" each file and quarantining if necessary. Something like the following:
Code:
inotifywait -rm -e modify -e create /var/ftp | sort | uniq -u | while read each filepath; do clamscan --quiet --move=/etc/clamav/tmp/quarantine /path-to-ftp-dir OR file & done


Can anyone please suggest the best way to do that?


Posted: Fri Jan 22, 2010 10:22 pm
Site Admin

Joined: Sun May 15, 2005 9:36 pm
Posts: 662
Location: Des Moines, Iowa
Code:
inotifywait -rm -e modify -e create --format '%w%f' /var/ftp > /etc/clamav/tmp/updatedfiles.txt


I see no reason that wouldn't OVERWRITE updatedfiles.txt

Are you SURE that your line doesn't have >> instead of just one > ???

IF it only has the one > then I suppose you could do:

Code:
rm -f /etc/clamav/tmp/updatedfiles.txt
inotifywait -rm -e modify -e create --format '%w%f' /var/ftp > /etc/clamav/tmp/updatedfiles.txt


I'm doing this from memory, but I believe the "-f" option on remove will make the remove command silent.
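
The pipeline asked for in the first post, as an added example that is not part of either post: `sort` prints nothing until its input ends, which `inotifywait -m` never does, and `uniq -u` drops every path that occurs more than once, so the filtering has to happen per event instead. This sketch swaps the thread's `modify`/`create` events for `close_write`/`moved_to` and skips a path only when its SHA-256 matches the last clean scan; `STATE`, `SCANNER`, `scan_if_new` and `watch_and_scan` are hypothetical names, and `sha256sum` from coreutils is assumed.

```sh
#!/bin/sh
# Added example (not from the thread). WATCH_DIR and QUARANTINE reuse the
# thread's paths; STATE and SCANNER are hypothetical names introduced here.
WATCH_DIR=${WATCH_DIR:-/var/ftp}
QUARANTINE=${QUARANTINE:-/etc/clamav/tmp/quarantine}
STATE=${STATE:-/etc/clamav/tmp/scanned.state}
SCANNER=${SCANNER:-clamscan}   # overridable so the logic can be exercised offline

# Scan one path unless this exact content was already scanned at this path.
# Returns 0 = clean, 1 = infected (scanner moved it), 2 = skipped, 3 = error.
scan_if_new() {
    path=$1
    # Skip files that vanished, directories, and symlinks planted in the tree.
    [ -f "$path" ] && [ ! -L "$path" ] || return 2
    sum=$(sha256sum < "$path" | cut -d' ' -f1)
    [ -n "$sum" ] || return 3
    # Duplicate event for unchanged content: same hash and path already logged.
    if grep -Fxq -- "$sum  $path" "$STATE" 2>/dev/null; then
        return 2
    fi
    # Paths from '%w%f' start with the watched directory, so they cannot be
    # mistaken for options; quoting keeps spaces in uploaded names intact.
    "$SCANNER" --quiet --no-summary --move="$QUARANTINE" "$path"
    rc=$?
    case $rc in
        0) printf '%s  %s\n' "$sum" "$path" >> "$STATE"; return 0 ;;
        1) return 1 ;;
        *) return 3 ;;   # clamscan exits 2 on errors
    esac
}

# close_write/moved_to fire once per completed file, unlike modify/create,
# which fire repeatedly while an upload is still being written.
watch_and_scan() {
    inotifywait -rmq -e close_write -e moved_to --format '%w%f' "$WATCH_DIR" |
    while IFS= read -r path; do
        scan_if_new "$path"
        case $? in
            1) echo "quarantined: $path" >&2 ;;
            3) echo "scan error: $path" >&2 ;;
        esac
    done
}

if [ "${1:-}" = "--watch" ]; then watch_and_scan; fi
```

A file is recorded in `STATE` only after a clean result, so an upload that is overwritten with different content is always scanned again.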

