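#!/bin/sh
# psCheck v.01 by tibim (12/23/00)
# Inspiration taken from http://www.defcon1.org/chk_bkgrd
# Made to run on FreeBSD. Other OSes may require modifications to run properly.
# Feel free to modify to suit your needs, and if you're willing, send a copy
# my way.
#
# This script extracts system usernames from the passwd file and then
# proceeds to count background processes for each user. Output is written to
# a private temporary file (proc.usr.XXXXXX) in the state directory until the
# script finishes, at which point it's moved to proc.usr.old. Starting on the
# second run (after proc.usr.old has been created for the first time) each
# time the script is run it compares output between proc.usr.old (previous
# run) and the current run. This is useful for monitoring changes in BG
# process activity between runs.
#
# A recommended use for this script is setting it up to run daily from your
# crontab and mailing the results to root for inspection.
#
# Environment:
#   PSCHECK_DIR  directory holding proc.usr.old (default: /tmp, as before).
#                /tmp is world-writable, so any local user can plant a file
#                or symlink named proc.usr.old there; when running as root
#                from cron, point this at a directory only root can write.
#
# Please send comments/suggestions to tibim@stratius.com
#----------------------------------------------------------------

set -u
# Create every file private from the start; a chmod after writing would leave
# a window in which the report is readable by others.
umask 077

PSCHECK_DIR=${PSCHECK_DIR:-/tmp}
pscheck_previous=$PSCHECK_DIR/proc.usr.old
pscheck_current=

# Remove the unfinished report if the run stops before it is moved into place.
pscheck_cleanup() {
  if [ -n "${pscheck_current:-}" ]; then
    rm -f -- "$pscheck_current"
  fi
}
trap pscheck_cleanup EXIT

# list_users FILE
# Print the login name (first colon-separated field) of every entry in the
# passwd-format FILE. Only lines that START with '#' are treated as comments,
# so an account with a '#' in another field (e.g. GECOS) is still monitored.
list_users() {
  awk -F: '/^#/ || $1 == "" { next } { print $1 }' "$1"
}

# count_bg_procs USER
# Read `ps aux` output on stdin and print how many background, non-shell
# processes belong to exactly USER.
# Assumes the usual 11-column `ps aux` layout (STAT in column 8, command
# starting in column 11) -- confirm on the target OS.
# NOTE(review): some ps implementations shorten or replace long login names
# in the USER column; such accounts would be reported as 0 -- verify.
count_bg_procs() {
  awk -v user="$1" '
    NR == 1     { next }            # column header
    $1 != user  { next }            # exact match, so "root" never counts "rootadm"
    $8 ~ /\+/   { next }            # "+" in STAT marks a foreground process
    {
      # Look only at the command name, not at its arguments, so text in the
      # argument list cannot move a process in or out of the count.
      cmd = $11
      sub(/^-/, "", cmd)            # login shells are shown as "-tcsh"
      sub(/^.*\//, "", cmd)         # drop any directory part
      if (cmd == "bash" || cmd == "tcsh") next
      n++
    }
    END { print n + 0 }
  '
}

# Build the per-user report, show it, compare it with the previous run and
# make it the new baseline. Returns non-zero if the report could not be
# produced or the baseline location is unsafe.
pscheck_run() {
  echo "--- psCheck v.01 Started on $(date) ---"
  echo "Checking number of background processes per user..."

  # One ps snapshot for all users: consistent counts and a single fork of ps.
  pscheck_snapshot=$(ps aux) || {
    echo "psCheck: unable to run ps" >&2
    return 1
  }

  # mktemp creates a new file with an unpredictable name, so a file or
  # symlink pre-created under a fixed name cannot be appended to or followed.
  pscheck_current=$(mktemp "$PSCHECK_DIR/proc.usr.XXXXXX") || {
    pscheck_current=
    echo "psCheck: unable to create a temporary file in $PSCHECK_DIR" >&2
    return 1
  }

  list_users /etc/passwd | while IFS= read -r pscheck_user; do
    printf '%s = %s\n' \
      "$(printf '%s\n' "$pscheck_snapshot" | count_bg_procs "$pscheck_user")" \
      "$pscheck_user"
  done > "$pscheck_current"

  cat -- "$pscheck_current"
  echo "-----------"

  # A symlink or directory under the baseline name is never something this
  # script created; report it instead of moving the new report through it.
  if [ -L "$pscheck_previous" ] || [ -d "$pscheck_previous" ]; then
    echo "psCheck: $pscheck_previous is a symlink or directory; refusing to use it" >&2
    return 1
  fi

  # -O (owned by the effective user) is not in POSIX test, but FreeBSD sh and
  # bash both provide it. A baseline owned by someone else is not trusted.
  if [ -f "$pscheck_previous" ] && [ -O "$pscheck_previous" ]; then
    echo "Timestamp on output from last run: $(ls -l -- "$pscheck_previous" | awk '{print $6, $7, $8}')"
    echo "Checking for differences..."
    diff -- "$pscheck_previous" "$pscheck_current"
  elif [ -e "$pscheck_previous" ]; then
    echo "psCheck: ignoring $pscheck_previous: not a regular file owned by this user" >&2
  else
    echo "No output from a previous run; this run becomes the baseline."
  fi

  mv -f -- "$pscheck_current" "$pscheck_previous" || return 1
  pscheck_current=

  echo "--- Run Completed on $(date) ---"
}

pscheck_run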