If you have your cloud infrastructure on Amazon AWS, for audit and control purposes you may want to monitor when the firewall rules of any of your security groups have changed.
With this script you will get notified when any of the security groups are modified.
```bash
#!/bin/bash
# AWS credentials (EC2 API tools)
export EC2_KEYPAIR=GIJDUYE75JRHFJEJEBHFHEJE88E8ZGGG # name only, not the file name
export EC2_URL=https://ec2.eu-west-1.amazonaws.com
export EC2_PRIVATE_KEY=$HOME/.certs/pk-GIJDUYE75JRHFJEJEBHFHEJE88E8ZGGG.pem
export EC2_CERT=$HOME/.certs/cert-GIJDUYE75JRHFJEJEBHFHEJE88E8ZGGG.pem
export JAVA_HOME=/usr/lib/jvm/java-1.7.0-openjdk-amd64

AUDIT=/home/ubuntu/.audi

# aws commands: snapshot the current security groups. Abort if the call fails,
# otherwise an empty snapshot would be diffed (false alert) and then saved as
# the new baseline, hiding the next real change.
ec2-describe-group > "$AUDIT/group.txt" || exit 1
diff "$AUDIT/group.txt" "$AUDIT/group-old.txt" > "$AUDIT/diff.txt"
if [ -s "$AUDIT/diff.txt" ]; then
    mail -s FW_AMAZON alert@bpmalert.com < "$AUDIT/diff.txt"
    # SMS with the 4th field of the first changed PERMISSION line
    # (diff prefixes each line with "<" or ">", hence field 4, not 3)
    /usr/local/bin/msg2mobile FW_AMAZON "$(grep PERMISSION "$AUDIT/diff.txt" | awk '{print $4}' | head -1)"
fi
mv "$AUDIT/group.txt" "$AUDIT/group-old.txt"
```
All the magic is done with the ec2-describe-group command, storing the current state and watching for differences.
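A raw text diff also fires when only the line order of the listing changes and it tells you nothing about which rule moved. As an added example (not the post's script), this Python code parses two `ec2-describe-group` snapshots into per-group rule sets and reports exactly which permissions were added or removed; the PERMISSION field layout and the sample snapshots are assumptions, not real account data.

```python
from collections import defaultdict

# Assumption: legacy ec2-describe-group emits space/tab separated records whose
# PERMISSION lines read "PERMISSION <owner> <group> ALLOWS <proto> <from> <to> FROM ...";
# adjust the field indices below if your tool version prints a different layout.
def parse_snapshot(text):
    """Return {group_name: set of rule tuples} built from PERMISSION records."""
    rules = defaultdict(set)
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "PERMISSION":
            continue  # GROUP header lines and blanks carry no rule
        rules[fields[2]].add(tuple(fields[3:]))  # fields[1] is the owner id
    return rules

def diff_snapshots(old_text, new_text):
    """Return {group: {"added": [...], "removed": [...]}} for changed groups only."""
    old, new = parse_snapshot(old_text), parse_snapshot(new_text)
    changes = {}
    for group in sorted(set(old) | set(new)):
        added = sorted(new[group] - old[group])
        removed = sorted(old[group] - new[group])
        if added or removed:
            changes[group] = {"added": added, "removed": removed}
    return changes

def format_alert(changes):
    """One line per changed rule, usable as the mail body instead of raw diff output."""
    lines = []
    for group, delta in changes.items():
        lines += ["%s ADDED %s" % (group, " ".join(r)) for r in delta["added"]]
        lines += ["%s REMOVED %s" % (group, " ".join(r)) for r in delta["removed"]]
    return "\n".join(lines)

# Constructed sample snapshots (not real account data). Between OLD and NEW the
# 'web' group gains SSH from anywhere, 'db' loses its 3306 rule and 'default'
# only changes line order, which diff(1) would report but this code ignores.
OLD = """GROUP\tsg-0000aaaa\t111122223333\tweb\tweb servers
PERMISSION\t111122223333\tweb\tALLOWS\ttcp\t443\t443\tFROM\tCIDR\t0.0.0.0/0
PERMISSION\t111122223333\tdb\tALLOWS\ttcp\t3306\t3306\tFROM\tUSER\t111122223333\tGRPNAME\tweb
PERMISSION\t111122223333\tdefault\tALLOWS\ttcp\t80\t80\tFROM\tCIDR\t10.0.0.0/8
PERMISSION\t111122223333\tdefault\tALLOWS\ttcp\t22\t22\tFROM\tCIDR\t10.0.0.0/8"""
NEW = """PERMISSION\t111122223333\tweb\tALLOWS\ttcp\t443\t443\tFROM\tCIDR\t0.0.0.0/0
PERMISSION\t111122223333\tweb\tALLOWS\ttcp\t22\t22\tFROM\tCIDR\t0.0.0.0/0
PERMISSION\t111122223333\tdefault\tALLOWS\ttcp\t22\t22\tFROM\tCIDR\t10.0.0.0/8
PERMISSION\t111122223333\tdefault\tALLOWS\ttcp\t80\t80\tFROM\tCIDR\t10.0.0.0/8"""

if __name__ == "__main__":
    print(format_alert(diff_snapshots(OLD, NEW)))
```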