Monday, May 17, 2010

who or what perpetually changes directory names on my public nfs export

i sure hate it when people move or delete stuff on nfs exports. sure, root isn't squashed and half a dozen people need to work on the same thing. so, as opposed to breaking everyone's fingers, i can focus on just one.

place this snippet of code someplace useful and crontab it to run before EOD; just make sure you have perl, tcpdump & bzip2 installed. in crontab, make sure you have the script's path in the PATH statement.

if you were fancy, you could do something with logrotate or maybe even pipe it off to splunk. if you were fancy.

crontab entry
50 23 * * *   root    /usr/local/bin/nfs-remove-mon

nfs-mon-script
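#!/usr/bin/perl
# log every tcpdump line that mentions an nfs "remove".
# rerun daily from cron: each run stops the previous one and rotates its log.
use strict;
use warnings;

my $PIDFILE      = "/var/run/nfs-remove-mon.pid";
my $LOGFILE_BASE = "/var/log/nfs-remove-mon";
my $EXIT         = 0;
$SIG{CHLD} = 'IGNORE';          # let the kernel reap the bzip2 child

# a previous instance left a pidfile: stop it and rotate its log
if ( -e $PIDFILE ) {
        open my $pf, '<', $PIDFILE or die "cannot read $PIDFILE: $!";
        my $PID = <$pf>;
        close $pf;
        # this runs as root, so only signal something that looks like a pid
        kill 'HUP', $1 if defined $PID && $PID =~ /^(\d+)\s*$/;
        my $DATE = `date +%F`;
        chomp $DATE;
        unlink "$LOGFILE_BASE.$DATE.log";
        unlink "$LOGFILE_BASE.$DATE.log.bz2";
        rename "$LOGFILE_BASE.log", "$LOGFILE_BASE.$DATE.log";
        unless (fork()) {
                # child: give the old instance time to finish writing, then compress
                sleep 5;
                `bzip2 -9 $LOGFILE_BASE.$DATE.log`;
                exit;
        }
}

# record our own pid for tomorrow's run
open PID, '>', $PIDFILE or die "cannot write $PIDFILE: $!";
print PID $$;
close PID;

# unbuffered log, so matches hit the disk as they happen
open LOG, '>', "$LOGFILE_BASE.log" or die "cannot write $LOGFILE_BASE.log: $!";
my $STDOUT = select LOG;
$| = 1;
select $STDOUT;

# -l makes tcpdump line-buffer its output, so lines arrive as they are captured
open TCPDUMP, "tcpdump -vvvvvv -l -i any -s 0 tcp 2>/dev/null |"
        or die "cannot start tcpdump: $!";

# HUP from the next run asks us to stop after the current line
$SIG{HUP} = sub { $EXIT = 1; };

while (my $line = <TCPDUMP>) {
        # keeps any line containing "remove", not only remove requests
        if ($line =~ /remove/) {
                print LOG $line;
        }
        last if $EXIT;
}

close TCPDUMP;
close LOG;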
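
To get from the log to the one person responsible, the kept lines can be tallied per client. The Python below is an added example, not part of the original post: the sample lines are constructed and only shaped like tcpdump's verbose NFS output (the exact layout varies by tcpdump version), and the names parse_remove and summarize are hypothetical.

```python
import re
from collections import Counter, defaultdict

# Constructed sample of what nfs-remove-mon.log might hold (assumed layout,
# not captured traffic): three remove requests, one reply, and one false
# positive that the script's /remove/ filter also keeps.
SAMPLE_LOG = """\
    10.0.0.21.813 > 10.0.0.1.2049: Flags [P.], length 148: NFS request xid 301 144 remove fh Unknown/0100000001 "builds"
    10.0.0.1.2049 > 10.0.0.21.813: Flags [P.], length 120: NFS reply xid 301 reply ok 116 remove
    ws34.example.com.790 > 10.0.0.1.2049: Flags [P.], length 152: NFS request xid 77 148 remove fh Unknown/0100000002 "release-notes"
    10.0.0.21.813 > 10.0.0.1.2049: Flags [P.], length 148: NFS request xid 302 144 remove fh Unknown/0100000001 "docs"
    10.0.0.34.790 > 10.0.0.1.2049: Flags [P.], length 150: NFS request xid 78 146 lookup fh Unknown/0100000002 "remove-old.sh"
"""

# Source is "host.port" (or "host.xid" on older tcpdump): split on the last dot.
# Requiring 'remove fh <handle> "<name>"' drops replies and stray matches.
REMOVE_RE = re.compile(
    r'(?P<client>\S+)\.[^.\s]+ > \S+:'
    r'.*?\bremove fh \S+ "(?P<name>[^"]*)"'
)

def parse_remove(line):
    """Return (client, removed_name) for a remove request, else None."""
    m = REMOVE_RE.search(line)
    return (m.group("client"), m.group("name")) if m else None

def summarize(lines):
    """Tally remove requests per client; count kept lines that are not requests."""
    counts, names, skipped = Counter(), defaultdict(list), 0
    for line in lines:
        hit = parse_remove(line)
        if hit is None:
            skipped += 1
            continue
        client, name = hit
        counts[client] += 1
        names[client].append(name)
    return counts, dict(names), skipped

if __name__ == "__main__":
    counts, names, skipped = summarize(SAMPLE_LOG.splitlines())
    for client, n in counts.most_common():
        print(f"{client}: {n} remove(s): {', '.join(names[client])}")
    print(f"{skipped} line(s) matched /remove/ but were not remove requests")
```

Because the script runs tcpdump without -n, clients may show up as hostnames rather than addresses, which is why the pattern splits on the last dot instead of expecting an IPv4 literal.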
