我期待着找到运行时间超过30分钟的Unix系统（即Linux、Solaris或AIX）上任何用户运行的any rm（remove command）命令。如果有任何捕获，并发送电子邮件给管理员。你知道吗

其次，有时我会要求这个脚本只在nfs挂载的文件系统上运行。到目前为止，我已经创建了两个小片段，一个是显示服务器上所有正在运行的进程，如下所示：

1) script to show the running process :

import subprocess
psDig = subprocess.Popen(['ps', 'aux'], stdout=subprocess.PIPE).communicate()[0]
psList = psDig.split('\n')
pfields = len(psList[0].split()) - 1
for row in psList [1:]:
     print row.split(None, pfields)

The above scripts captures the output in the Below format :

['smmsp', '24538', '0.0', '0.0', '80656', '2144', '?', 'Ss', 'Apr19', '0:00', 'sendmail: Queue runner@01:00:00 for /var/spool/clientmqueue']
['karn', '27274', '0.0', '0.0', '105072', '784', 'pts/0', 'T', '13:21', '0:00', 'rm -i a fg h j kj']
['root', '27314', '0.0', '0.1', '104508', '4508', '?', 'Ss', '13:21', '0:00', 'sshd: karn [priv]']
['karn', '27317', '0.0', '0.0', '104508', '1856', '?', 'S', '13:21', '0:00', 'sshd: karn@pts/3 ']
['karn', '27318', '0.0', '0.0', '108396', '1980', 'pts/3', 'Ss', '13:21', '0:00', '/bin/bash --login']
['karn', '27376', '0.0', '0.0', '105072', '776', 'pts/3', 'S+', '13:22', '0:00', 'rm -rf a fg h j kj']
['root', '28211', '0.0', '0.1', '191860', '4140', 'pts/6', 'S', 'Apr19', '0:00', 'sudo su - karn']
['root', '28224', '0.0', '0.0', '163708', '1900', 'pts/6', 'S', 'Apr19', '0:00', 'su - karn']

因此，在上面的输出中，我只需要过滤具有rm -i或rm -rf的行。你知道吗

2) below is the script Just to catch the NFS Filesystems only in orfer to run it on the nfs specific mount point.

#!/usr/bin/python
import commands
import os
def getmount():

    listMount = commands.getoutput('mount | grep nfs')
    mountLines = listMount.split('\n')[1::]
    mountPoints = map(lambda line: line.split()[2], mountLines)
    for listMount in mountPoints:
        print listMount
getmount()

When i run it it, this yields the output like below..

bash-4.1$ ./getCurrentmount.py
/home/karn
/grid/common/bin

如有任何帮助或提示，我们将不胜感激。你知道吗