Irongeek.com wrote a script to detect MD5 changes in the files in your hosting account. Irongeek.com was hacked a few months before, which is why they wrote this script, and I believe it is very helpful for web admins.
You can download this script as a text file by clicking here.
```bash
#!/bin/bash
# Irongeek's crappy change detection script. ver. 0.1
# The purpose of this script is to detect file changes. We will make an MD5
# hash of all the files in a path and look for changes. In theory, the next
# two lines should be all you have to change (except maybe the find command).
PathToCheck="/home/irongeek/irongeek.com"
SendReportsToThisEmailAddress="[email protected]"
# We will store the results of our recursive hashing so we can compare them
# to new results later. Add a line like this:
# */10 * * * * /home/irongeek/t/t.sh>/dev/null 2>&1
# to your crontab to run the script every 10 min. "crontab -e" should be the
# command to do that (and of course leave off the # comment, and chmod +x the
# script so that it is executable). This next line sets a variable so we know
# which directory the script is stored in; all working files are written
# there. You will need write permissions in this directory.
ScriptDir="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
# These lines just print some running information
echo "Working in directory $ScriptDir"
echo "Checking directory $PathToCheck"
echo "Reports will be sent to $SendReportsToThisEmailAddress"
# The next line finds all the files in the path, but excludes some we don't
# care to check. In my case, some .spc files used to cache some RSS feeds.
# Remove this exclusion, or add more exclusions, as you wish. After find finds
# a file, it runs md5sum on it, and stores the results by redirecting
# standard out into a file.
find "$PathToCheck" -type f \( -not -iname "*.spc" \) -exec md5sum "{}" \; > "$ScriptDir/newout.txt"
# On the very first run there is no old output yet. Start from an empty
# baseline so every file is reported once and oldout.txt gets created.
[ -f "$ScriptDir/oldout.txt" ] || touch "$ScriptDir/oldout.txt"
# The output of the command above gets compared to the old output of a
# previous run and the differences redirected into a temp file.
diff -C 0 "$ScriptDir/oldout.txt" "$ScriptDir/newout.txt" > "$ScriptDir/difftemp.txt"
# Assuming the file is bigger than 0 bytes, we will go into this if statement.
if [ -s "$ScriptDir/difftemp.txt" ]
then
    # Yippy, we found some differences in the MD5 hashes, time to generate
    # some output we will eventually send as a warning.
    echo "Got differences, sending email"
    echo "Change Report" > "$ScriptDir/tempoutput.txt"
    echo >> "$ScriptDir/tempoutput.txt"
    # The weird awk and regex below is so we can work with file names with
    # spaces in them. We ls -al each changed file to get things like size,
    # timestamp and permissions, just so there is extra info in the report.
    awk '{fn=substr($0,length($1 $2) + 4);gsub(/ /,"\\ ", fn); print fn}' \
        "$ScriptDir/difftemp.txt" | grep / | uniq | xargs ls -al \
        >> "$ScriptDir/tempoutput.txt"
    # Lines like the one below are just to put in an extra linefeed.
    echo >> "$ScriptDir/tempoutput.txt"
    # Let's put the hash differences into the report.
    cat "$ScriptDir/difftemp.txt" >> "$ScriptDir/tempoutput.txt"
    echo >> "$ScriptDir/tempoutput.txt"
    # Now we can pipe it into the mail utility and send it to whom we want.
    mail -s "MD5 Diff $(date)" "$SendReportsToThisEmailAddress" < "$ScriptDir/tempoutput.txt"
    # We will also make a running log, >> means append but not overwrite.
    date >> "$ScriptDir/permlog.txt"
    cat "$ScriptDir/tempoutput.txt" >> "$ScriptDir/permlog.txt"
    # We will also make an archived copy of the output, naming it by date.
    cp "$ScriptDir/newout.txt" "$ScriptDir/oldout_$(date +"%Y%m%d%H%M%S").txt"
    # And now the new output becomes the old output for the next time we do
    # MD5 file hash comparisons.
    mv "$ScriptDir/newout.txt" "$ScriptDir/oldout.txt"
else
    # If the file in the if statement is 0 bytes, we end up here, and do
    # nothing.
    echo "No differences"
fi
# I got a lot of help on writing this script from these pages/posts:
# http://wandzeitung.informations-compagnie.de/2008/07/30/recursive-md5-hashing-with-linux/
# http://bytes.com/topic/unix/answers/647432-renaming-file-append-date
# http://www.cyberciti.biz/faq/find-command-exclude-ignore-files/
# http://www.linuxforums.org/forum/programming-scripting/134529-bash-script-needs-e-mail-output.html
# http://stackoverflow.com/questions/59895/can-a-bash-script-tell-what-directory-its-stored-in
# http://tldp.org/LDP/Bash-Beginners-Guide/html/sect_07_01.html
```