Hello and welcome to the Wednesday, December 21st, 2022 edition of the Sandsenet Storm Center's Stormcast.

My name is Johannes Ulrich, and today I'm recording from Jacksonville, Florida.

I've ever wondered how you can get a script to run whenever someone changes a critical file. There are, of course,

some fairly large EDR solutions and such that do it, but Xavier is introducing an interesting

tool that I actually didn't know about either, that allows you to essentially schedule scripts similar to Cron whenever a file is being opened or accessed or changed.

Now, this tool ties into the I Notify API. That's a standard Linux API.

And tool is called in-cron or ein-Kron, I guess.

That tool has a syntax and works a little bit sort of like Kron, but of course it doesn't

start scripts based on a particular timestamp, but instead whenever a file is being accessed.

And then you can sort of make particular conditions like, for example, the file is deleted,

if it's moved or if the new file is created and such, or modified.

So that gives you some fine-crained control over when your script runs. A pretty

neat tool and certainly helpful if you sort of quickly need to watch a couple critical files.

And then other United Storm Center updates, we do have two new lists of IP addresses that we started to maintain yesterday.

One is a list of IP address associated with Mastodon servers. The second one is a list of

IP addresses associated with publicly advertised NTP servers.

The Mastodon list is sort of interesting because now, of course,

Mastodon is sort of the big talk these days.

You may want to monitor if someone is, for example,

setting up a Mastodon server inside your network.

That's sort of where this list may come in handy. Or just if you see some

odd traffic to from a particular IP address, this will tell you, hey, this IP is used by a

...