Hacker defense – passive intrusion detection via shell scripting and crontab
Posted on November 28, 2011 at 3:56 pm
This is a quick shell script I threw together after one of my sites got hacked by some blackhat Chinese group. Set this to run every minute in your crontab. You’ll probably have to create the two files (current.txt and archive.txt) and chmod them to be writable before this will work properly. This will notify you as soon as any files are added to your website.
```bash
#!/bin/bash
# define script vars
webroot=/home/username/domainname.com
current=$webroot/scan/current.txt
archive=$webroot/scan/archive.txt
email=admin@domainname.com
# Gather a list of all files in directory
find "$webroot" -print > "$current"
# compare current files list against archived list
# (comm -13 keeps only the lines unique to the current list, i.e. new paths)
output=$(comm -13 <(sort "$archive" | uniq) <(sort "$current" | uniq))
# if it's changed, send an email
if [ -n "$output" ]; then
    # quote the variable so each new path stays on its own line
    echo "$output" | mail -s "Files have been added" "$email"
fi
# copy current scan results into archive file
cp "$current" "$archive"
```
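The script above compares path lists, so it reports new files but not edits to existing ones. As an added example (not part of the original post), this variant keeps a SHA-256 baseline so added, changed and removed files are all reported, and it keeps its state outside the web root. The function names and the state directory `/var/lib/webwatch` are assumptions.

```sh
#!/bin/sh
# Added example: hash-based baseline that reports added, changed and removed files.
# The state directory is a hypothetical path; keep it outside the web root.

# snapshot DIR: print "sha256  path" for every regular file under DIR.
snapshot() {
    find "$1" -type f -exec sha256sum {} + | sort -k 2
}

# diff_snapshots OLD NEW: print "ADDED|CHANGED|REMOVED path" lines.
# sha256sum prints 64 hex digits and two separator characters, so the path
# starts at column 67. Names containing a backslash or newline are escaped
# by sha256sum and are not handled here.
diff_snapshots() {
    awk '
        FILENAME == ARGV[1] { old[substr($0, 67)] = $1; next }
        {
            path = substr($0, 67)
            if (!(path in old))        print "ADDED " path
            else if (old[path] != $1)  print "CHANGED " path
            seen[path] = 1
        }
        END { for (path in old) if (!(path in seen)) print "REMOVED " path }
    ' "$1" "$2" | sort
}

# check_site WEBROOT STATE_DIR: compare against the stored baseline, print the
# differences, then make the new snapshot the baseline. The first run only
# records the baseline and reports nothing.
check_site() {
    mkdir -p "$2"
    if [ ! -f "$2/baseline.txt" ]; then
        snapshot "$1" > "$2/baseline.txt"
        return 0
    fi
    snapshot "$1" > "$2/current.txt"
    diff_snapshots "$2/baseline.txt" "$2/current.txt"
    mv "$2/current.txt" "$2/baseline.txt"
}

# Cron usage (runs only when both arguments are given), for example:
#   * * * * * /path/to/this-script /home/username/domainname.com /var/lib/webwatch
if [ $# -eq 2 ]; then
    report=$(check_site "$1" "$2")
    if [ -n "$report" ]; then
        printf '%s\n' "$report" | mail -s "Web root files changed" admin@domainname.com
    fi
fi
```

Keeping the baseline outside the web root means someone who can write to the site cannot rewrite it, and the file list is not served to visitors.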