Bash script to email admin when changes are detected in a network using Nmap and Ndiff.

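#!/bin/bash
#
# Bash script to email admin when changes are detected in a network using
# Nmap and Ndiff.
#
# Don't forget to adjust the CONFIGURATION variables.
# Paulino Calderon <calderon@websec.mx>
#
# How it works: a fresh scan of $NETWORK is saved as XML and compared with
# ndiff against a previously saved baseline ($BASE_RESULTS). When the two
# scans differ, the diff is printed and mailed to $ADMIN.
#
# The baseline must already exist and should be produced with the same
# flags, otherwise every run reports differences that are only artefacts
# of the scan options:
#   nmap -oX <BASE_PATH>base.xml -sV -Pn -p- -T4 <target>
#
# This script never rewrites the baseline. After a reported change has been
# reviewed, replace base.xml with the new results, or the same diff will be
# mailed again on every run.
#
# The result files describe every exposed service on the monitored hosts;
# keep $BASE_PATH writable (and ideally readable) only by the account that
# runs this job, since anyone able to edit base.xml can hide a change.
#
# CONFIGURATION
#
NETWORK="calder0n.com"
ADMIN=paulino.calderon@gmail.com
# Kept as an array so each flag reaches nmap as a separate argument.
NMAP_FLAGS=(-sV -Pn -p- -T4)
BASE_PATH=/usr/local/share/nmap-mon/
BIN_PATH=/usr/local/bin/
BASE_FILE=base.xml
NDIFF_FILE=ndiff.log
NEW_RESULTS_FILE=newscanresults.xml

BASE_RESULTS="${BASE_PATH}${BASE_FILE}"
NEW_RESULTS="${BASE_PATH}${NEW_RESULTS_FILE}"
NDIFF_RESULTS="${BASE_PATH}${NDIFF_FILE}"
# Braces are required: "$BIN_PATHndiff" would expand the (unset) variable
# BIN_PATHndiff. Absolute paths also keep the job independent of cron's PATH.
NMAP="${BIN_PATH}nmap"
NDIFF="${BIN_PATH}ndiff"

# Without a baseline there is nothing to compare; say so instead of exiting
# silently, so a misconfigured job does not look like a quiet network.
if [ ! -f "$BASE_RESULTS" ]; then
  echo "Baseline $BASE_RESULTS not found; nothing to compare against" >&2
  exit 1
fi

echo "Checking host $NETWORK"

# A failed scan must not be diffed: the results file would be stale or
# truncated and could either hide a change or raise a false alert.
if ! "$NMAP" -oX "$NEW_RESULTS" "${NMAP_FLAGS[@]}" "$NETWORK"; then
  echo "nmap scan of $NETWORK failed; skipping comparison" >&2
  exit 1
fi

"$NDIFF" "$BASE_RESULTS" "$NEW_RESULTS" > "$NDIFF_RESULTS"
ndiff_status=$?

# ndiff exits 0 when the scans match, 1 when they differ and 2 on a runtime
# error; the exit status is a more reliable signal than counting output lines.
case "$ndiff_status" in
  0)
    ;;
  1)
    echo "Network changes detected in $NETWORK"
    cat "$NDIFF_RESULTS"
    echo "Alerting admin $ADMIN"
    mail -s "Network changes detected in $NETWORK" "$ADMIN" < "$NDIFF_RESULTS"
    ;;
  *)
    echo "ndiff failed (exit $ndiff_status) comparing $BASE_RESULTS and $NEW_RESULTS" >&2
    exit 1
    ;;
esac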