A while back, one of my customers got hit with a nasty string of viruses on their website due to some vulnerabilities in an outdated version of the popular CMS Joomla. After cleaning up the nastiness, I wrote this script to notify me if there are any changes to the web server files.
This script creates a list of all the files in a directory and all its subdirectories, and every time it is run, it compares the current list against the original list. If the lists do not match, it logs the files that differ; in my production system, I also have it hit a web service that shoots off an email (not listed here).
This is running on a Linux system and is a bash script.
#!/bin/sh
# Created by Mike Sweany
# Check to see if the default (baseline) file list has been created;
# if not, create it. This example skips PDFs and common images.
if [ -f defaultfiles.txt ]
then
    echo "file exists"
else
    # Old version, commented out: lists every file
    # ls -R public_html/ > defaultfiles.txt
    ls -R public_html/ | grep -v "\.pdf$" | grep -v "\.jpg$" | grep -v "\.png$" > defaultfiles.txt
fi
# Create the list to check against; again we skip PDFs and common images
# ls -R public_html/ > currentfiles.txt
ls -R public_html/ | grep -v "\.pdf$" | grep -v "\.jpg$" | grep -v "\.png$" > currentfiles.txt
# diff exits 0 when the two lists are identical
if diff defaultfiles.txt currentfiles.txt >/dev/null ; then
    echo "Same"
else
    echo "different"
    # Here is where you would add a command to GET the webpage with your notification on it
    # Add the date, files that have changed and tell it that we're at the end of the changes
    date >> changes.log
    diff defaultfiles.txt currentfiles.txt >> changes.log
    echo "### end ###" >> changes.log
fi
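The script above compares `ls -R` listings, so it notices files that are added, removed or renamed, but not a file whose contents are changed in place under the same name. The following added example (not part of the original post) goes beyond that by comparing SHA-256 hashes per file; the function names, the baseline file name and the use of GNU coreutils `sha256sum` are assumptions.

```shell
#!/bin/sh
# Added example (not the original author's script): detect content changes,
# not just added/removed names. Assumes GNU coreutils sha256sum and that no
# file name contains a newline. Function and file names are hypothetical.

# build_manifest DIR: print "hash  ./path" for each regular file, sorted by
# path, skipping the same image/PDF extensions as the original script.
build_manifest() {
    ( cd "$1" && find . -type f ! -name '*.pdf' ! -name '*.jpg' \
        ! -name '*.png' -exec sha256sum {} + | LC_ALL=C sort -k 2 )
}

# report_changes BASELINE CURRENT: print ADDED/MODIFIED/REMOVED per path.
report_changes() {
    awk '
        { h = $1; p = substr($0, length($1) + 3) }  # skip hash + 2 separator chars
        FILENAME == ARGV[1] { base[p] = h; next }
        { seen[p] = 1
          if (!(p in base))      print "ADDED " p
          else if (base[p] != h) print "MODIFIED " p }
        END { for (p in base) if (!(p in seen)) print "REMOVED " p }
    ' "$1" "$2" | LC_ALL=C sort
}

# check_site DIR BASELINE LOG: returns 0 if unchanged (or baseline was just
# created), 1 if changes were logged, 2 on error. Keep BASELINE and LOG
# outside DIR so whoever can write to the web root cannot rewrite them.
check_site() {
    if [ ! -f "$2" ]; then
        build_manifest "$1" > "$2" || { rm -f "$2"; return 2; }
        return 0
    fi
    current=$(mktemp) || return 2
    build_manifest "$1" > "$current"
    changes=$(report_changes "$2" "$current")
    rm -f "$current"
    if [ -z "$changes" ]; then
        return 0
    fi
    { date; printf '%s\n' "$changes"; echo "### end ###"; } >> "$3"
    return 1
}

# Usage from cron, mirroring the original:
#   check_site public_html baseline.sha256 changes.log
```

The non-zero return from `check_site` is the place to trigger the notification request that the original script leaves as a comment.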