File: fd2
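#!/usr/bin/ruby
#
# Editor-process watcher.
#
# Takes one `ps -ef` snapshot, keeps the lines that mention an interactive
# editor (vi, view, vim, gvim, ex, rvim) and are not on the ignore list,
# prints them to stdout, and mails them together with the full snapshot to
# MailRecipients through the local sendmail binary.
#
# NOTE(review): `ps` and `uname` are resolved through PATH. If this runs from
# cron or under a privileged account, give the job a fixed PATH or switch to
# the absolute paths used on the target platform.
#
# NOTE(review): the mail carries the complete process table. Command-line
# arguments can hold credentials, so keep the recipient list as narrow as the
# alert needs.
#
# Begin constants
#
#MailRecipients = 'frankd@networksolutions.com'
MailRecipients = 'frankd@networksolutions.com,mgallagher@networksolutions.com,matthewh@networksolutions.com,asaxena@networksolutions.com,jpolkows@networksolutions.com,DEvans@networksolutions.com,ESullivan@web.com,hyunjino@web.com,Christopher.Garrity@networksolutions.com,CEldrige@web.com,Jeff.Sharpe@networksolutions.com,yhlin@networksolutions.com,Nathan.Finck@networksolutions.com,Tolulope.Fagbuyi@networksolutions.com,John.Hazelwood@networksolutions.com,jli@networksolutions.com,NOCSupervisor@networksolutions.com'.freeze

# Editor names followed by a space, matched anywhere in the ps line.
EditorPattern = /(vi |view |vim |gvim |ex |rvim )/

# Lines that are never reported. Matching is case-insensitive and unanchored
# except where `^` is used.
# NOTE(review): both patterns run against the whole ps line (user, tty and
# arguments), not the command column, so matches are noisy and the
# exclusions are broad; "index" is presumably listed because "ex " matches
# inside "index ". Matching on the command field only would be tighter.
IgnoredPattern = /(grep|^root.*sudo bash -o vi|^root.*bash -o vi|^smmsp.*sendmail|\/usr\/sbin\/sendmail|index|\/usr\/Tivoli)/i
#
# End constants
#

ps_output = `ps -ef`
suspect_processes = ps_output.split(/\n/).select do |ps_line|
  ps_line =~ EditorPattern && ps_line !~ IgnoredPattern
end

unless suspect_processes.empty?
  count = suspect_processes.size
  listing = suspect_processes.join("\n")

  puts "#{count} suspicious processes found:\n#{listing}\n"
  hostname = `uname -n`.chomp

  # Headers are built only from the constant, the count and the hostname;
  # text taken from ps goes below the blank line, into the body.
  # -i stops sendmail from treating a line holding only "." as the end of the
  # message, so process-table text cannot cut the alert short.
  # The block form closes the pipe even if a write raises.
  IO.popen('/usr/sbin/sendmail -t -i', 'w') do |mail|
    mail.puts "To: #{MailRecipients}"
    mail.puts "Subject: #{count} suspicious processes found on #{hostname}"
    mail.puts "\n#{listing}\n"
    mail.puts "Snaphot of process table follows:\n#{ps_output}"
  end

  # A failed hand-off would otherwise be silent; surface it on stderr so the
  # scheduler's own mail or log captures it.
  warn "sendmail failed (#{$?}); alert may not have been delivered" unless $?.success?

  # Disabled Tivoli event hook, kept for reference:
  #`. /etc/Tivoli/lcf/1/lcf_env.sh; $LCF_BINDIR/../bin/wpostemsg -r SEVERE hostname=#{hostname} msg='#{suspect_processes.size} suspicious processes found. More information was made available via e-mail' EVENT EDITORPROCESSESWATCHER`
end

exit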