Borrowing a concept from IDS

By jobeard
Feb 19, 2015
  1. IDS: Intrusion Detection System.

    Here's a concept that has many applications: placing a well-known file name into directories.

    • Application 1: An IDS keeps the last modified timestamp of every file (yikes, is that expensive). But it allows one to investigate files modified since a given point-in-time.

    • Application 2: Instead of uploading every file to a webhost, why not upload only changed files? The trick is to know which files have been changed! (a) Create the well-known file name in every directory on the PC AFTER the upload is completed. (b) Then you can ask: which files have been changed after the timestamp on the well-known file name?

    • Application 3: Which files have been modified since the last backup? Similar to (3), but more global in scope.

    Being an old Unix-Hack myself, I rely greatly upon Unix/Linux tools and these are easily supported by the Cygwin Emulator. After I show the concepts below, I am sure they are easily implemented in Windows too.

    • Search: Linux search is executed with FIND
      • find startingDir qualification simpleAction
      • eg: find /webroot -name _fence_.log -ls
      • which means
        • start in the dir /webroot {the starting location}
        • look for the name '_fence_.log' {the qualification is file or dirname == '_fence_.log'}
        • and print the timestamp info of it (aka an action like dir _fence_.log)
    • Actions can be performed on the search results
      • for cases like (Application 2) above, mark the entire /webroot as being current using
      • find /webroot -type d -exec touch {}/_fence_.log \; -print
        • meaning start in /webroot
        • find every directory { -type d }
        • then EXECUTE the touch command on the file _fence_.log within that directory
        • (creating the file name if necessary) and giving it today's timestamp
      • Find what has been changed?
        • find /webroot -newer _fence_.log xxx
        • where xxx can be -print to show the names or -ls to get the dir filename details
        • -newer _fence_.log means Find me files with timestamps > the timestamp of _fence_.log
      • the results can then be acted upon
    For cases like (Application 3) above, just use a different well-known file name, e.g. _LAST_BACKUP_.log, and place it in the Windows \users directory
    • find /users -type d -exec touch {}/_LAST_BACKUP_.log \;
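
The fence-file workflow from the post above, as an added example that is not part of the original post: it goes slightly beyond the post by comparing each file with the fence in its own directory and by reporting files in directories that have no fence yet. The function names `stamp_fences` and `changed_since_fence` are hypothetical, and GNU find (Linux or Cygwin) is assumed for `-maxdepth`.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.
# Caveat: mtime can be set freely with touch, so this answers "what changed
# since the last upload/backup"; it is not tamper-evident on its own.

FENCE_NAME="_fence_.log"

# stamp_fences ROOT
# Create (or refresh) the fence file in every directory under ROOT.
# The directory is passed as an argument to sh so that names with spaces
# work and no find implementation has to expand "{}" inside a longer word.
stamp_fences() {
    find "$1" -type d -exec sh -c 'touch "$1/$2"' sh {} "$FENCE_NAME" \;
}

# changed_since_fence ROOT
# Print every regular file whose mtime is newer than the fence in its own
# directory. A directory without a fence was created after the last stamp,
# so all of its files are reported. Directory names containing newlines are
# not supported by this line-based loop.
changed_since_fence() {
    find "$1" -type d | while IFS= read -r dir; do
        fence="$dir/$FENCE_NAME"
        if [ -f "$fence" ]; then
            # -newer is a strict comparison: a file written in the same
            # timestamp tick as the fence is not reported.
            find "$dir" -maxdepth 1 -type f -newer "$fence" ! -name "$FENCE_NAME"
        else
            find "$dir" -maxdepth 1 -type f
        fi
    done
}

# Typical cycle (paths are examples):
#   changed_since_fence /webroot > to_upload.txt   # before the upload
#   ...upload the listed files...
#   stamp_fences /webroot                          # after the upload completes
```
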
