This just appeared on another list. This fellow is using Nmap to port scan the entire network. First you do a base scan and see if there are any problems that need to be addressed. Once you get your network in an acceptable state, you run another base scan to be used for comparison. Then you run a daily scan as a scheduled task and the script emails you any differences. Not authored or tested by me. Here is the post. The two links in this message are perl script which I will be describing below. This way if you don't want to look at the script you don't have to go to my website. archmaker (couldn't think of a better name :-)) The both require the use of the PERL module MailTools-1.5. The format of the files produced are as follows: 10.1.1.1_RAW # Raw output of the nmap scan 10.1.1.1_Base # Cleaned up version of the nmap scan 10.1.1.1_Aug_14 # Daily cleaned up version of the nmap scan This script is designed to be ran on a remote host, on an automated basis, using the cron utility on a frequency determined by the user. USE Run the "base" code first to develop the base file. If you approve of the ports reported open on the base scan then continue on. If not fix the open ports and THEN re-run the base function to create an updated "base" file. Run the "code" using cron underneath a NON-ROOT user for security purposes. Have the address from system set to the user executing the crontab file. Took a little work in sendmail to get formatted the way I wanted, but is not that difficult. RESULT This program is currently being used once a day against a system to check the status of the ports on the system. The base is the one which the daily scans are compared against, with any difference being reported by email to whomever you want to include in your contact list. This report is basically in the format below: ------------------------------------------------------------------------------------------------------ From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Difference in 10.1.1.1 DIFFERENCES IN SCAN RESULTS BASE SCAN RECENT SCAN Port Status Service | Port Status Service ------------------------------------------------------------------------------- No Open Ports | 23 Open telnet ------------------------------------------------------------------------------------------------------ Now for the code. Any comments to make it better will be appreciated. I am an accountant, not a programmer. And all the programming I have done has been self taught. Started teaching myself PERL about two years ago, in my spare time. Believe the best way to learn is to do, not just read the book. Hence my code does have some faults. Will be working on my web site soon to place the code out in the public and better document what it does, and hopefully contain information on how to use and etc. I currently have two more scripts designed to be used against sequential IP addresses (up to 255), both the "base" and "code", but want to beta them a little more to ensure I have all the bugs worked out and want to see the recommendations made concerning these two scripts. Base code: www.archmaker.com/archmaker_base.htm Daily Scan code: www.archmaker.com/archmaker_code.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm