apt-get install inotify-tools
script file in /root where xxxxxxxx is the ICQ client giving commands and receiving output.
notifyme
#/bin/sh
screen -S "CenterimRX" -dm centerim
while inotifywait -e close_write /root/.centerim/xxxxxxxx/history
do
tail -5 /root/.centerim/xxxxxxxx/history | grep secretcommand > /root/runme
echo "it changed"
if grep -q secretcommand /root/runme
then
echo "Command Found"
cat /root/runme | awk 'BEGIN {FS="^"} ; {print $1}' | /bin/sh | centerim -s msg -p icq -t xxxxxxxx
else
echo "No Command To Run"
fi
done
Configure the centerim client in /root/.centerim/
To us this, send a test message to the linux server ICQ user id:
ls -la^secretcommand
The script will watch the centerim chat history for a particular remote admin user ICQ UID and parse out the word secretcommand and notice a command being armed. The ^ after the command allows us to use spaces for more complicated commands. The ^ being a field separator for awk.
Input:
rx : 4 September at 16:56 :
ifconfig^secretcommand
tx : 4 September at 16:57 :
eth0 Link encap:Ethernet HWaddr 00:16:41:3b:9a:2c
inet addr:10.0.1.25 Bcast:10.0.1.255 Mask:255.255.255.0
inet6 addr: fe80::216:41ff:fe3b:9a2c/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:55628 errors:0 dropped:0 overruns:0 frame:0
TX packets:17733 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:6467849 (6.1 MiB) TX bytes:2424223 (2.3 MiB)
Interrupt:16 Memory:d0080000-d00a0000
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:1014 errors:0 dropped:0 overruns:0 frame:0
TX packets:1014 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:60880 (59.4 KiB) TX bytes:60880 (59.4 KiB)
No comments:
Post a Comment