网站文件是否被篡改脚本(第二版)

August 4, 2014CommentsRead

对比第一版本，做如下修改：
①：增加新增加文件的判断；
②：过滤了sitemap文件（sitemap每天会更新）；
③：取消第一个指纹文件的建立；
④：md5对比采用当前md5与当前日期前一天的md5值进行对比；

#/bin/bash
# Version:1.1
# Author:Byrd
# Site:note.t4x.org
# Contact:root#t4x.org
# Check whether a file is unauthorized modification 
# If the file has been modified, notify the system administrator

#Definition of variables
webmail=root#t4x.org
website=/web/site/t4x
fingerbackup=/backup/Fingerprint
createlog=/backup/Fingerprint/create.log
checklog=/backup/Fingerprint/check.log
fingerfile=/backup/Fingerprint/$(date +%F).Fingerprint
ofingerfile=/backup/Fingerprint/$(date -d"1 day ago" +%F).Fingerprint
#Judge the backup directory exists
[ ! -d $fingerbackup ] && mkdir -p $fingerbackup
#Judge the MD5 exists
[ ! -f $fingerfile ] && find $website -type f | xargs md5sum > $fingerfile
#The file was modified
[ ! -f $checklog ] && touch $checklog
md5sum -c $fingerfile | grep -i "FAILED" > $checklog
md5sum -c $ofingerfile | grep -i "FAILED" | egrep -v "sitemap.xml.gz|sitemap.xml" > $checklog
if [ `cat $checklog | wc -l` -gt 0 ];then
    mail -s "The file was modified" $webmail < $checklog
fi
#New file creation
[ ! -f $createlog ] && touch $createlog
if [ `ls -l --full-time $website | grep $(date +%F) | awk -F ' ' '{print $9}' | grep -v "^$" | wc -l` -gt 0 ];then
    echo "`ls -l --full-time $website | grep $(date +%F) | awk -F ' ' '{print $9}'`" > $createlog
else
    > $createlog
fi
if [ `cat $createlog | grep -v "^$" | wc -l` -gt 0 ];then
    #echo `cat $errorlog`
    mail -s "New file creation" $webmail < $createlog
    > /backup/Fingerprint/create.log
fi

#/bin/bash

# Version:1.1

# Author:Byrd

# Site:note.t4x.org

# Contact:root#t4x.org

# Check whether a file is unauthorized modification

# If the file has been modified, notify the system administrator

#Definition of variables

webmail=root#t4x.org

website=/web/site/t4x

fingerbackup=/backup/Fingerprint

createlog=/backup/Fingerprint/create.log

checklog=/backup/Fingerprint/check.log

fingerfile=/backup/Fingerprint/$(date +%F).Fingerprint

ofingerfile=/backup/Fingerprint/$(date -d"1 day ago" +%F).Fingerprint

#Judge the backup directory exists

[ ! -d $fingerbackup ] && mkdir -p $fingerbackup

#Judge the MD5 exists

[ ! -f $fingerfile ] && find $website -type f | xargs md5sum > $fingerfile

#The file was modified

[ ! -f $checklog ] && touch $checklog

md5sum -c $fingerfile | grep -i "FAILED" > $checklog

md5sum -c $ofingerfile | grep -i "FAILED" | egrep -v "sitemap.xml.gz|sitemap.xml" > $checklog

if [ `cat $checklog | wc -l` -gt 0 ];then

mail -s "The file was modified" $webmail < $checklog

#New file creation

[ ! -f $createlog ] && touch $createlog

if [ `ls -l --full-time $website | grep $(date +%F) | awk -F ' ' '{print $9}' | grep -v "^$" | wc -l` -gt 0 ];then

echo "`ls -l --full-time $website | grep $(date +%F) | awk -F ' ' '{print $9}'`" > $createlog

else

> $createlog

if [ `cat $createlog | grep -v "^$" | wc -l` -gt 0 ];then

#echo `cat $errorlog`

mail -s "New file creation" $webmail < $createlog

> /backup/Fingerprint/create.log

定时任务：

[root@hz scripts]# echo '#Check whether a file is unauthorized modification BY:BYRD AT:2014-03-31' >>/var/spool/cron/root
[root@hz scripts]# echo '0 4 * * * /bin/sh /byrd/scripts/unauthorized.sh >/dev/null 2>&1' >>/var/spool/cron/root

0 1	[root@hz scripts]# echo '#Check whether a file is unauthorized modification BY:BYRD AT:2014-03-31' >>/var/spool/cron/root [root@hz scripts]# echo '0 4 * * * /bin/sh /byrd/scripts/unauthorized.sh >/dev/null 2>&1' >>/var/spool/cron/root

申明：本文由BYRD原创(基于GNU bash, version 4.1.2(1))，未经许可禁止转载！文章源自 note.t4x.orgByrd's Blog-https://note.t4x.org/code/check-unauthorized-modification-second-edition/

申明：除非注明Byrd's Blog内容均为原创,未经许可禁止转载!详情请阅读版权申明!

On this day in past years

August

2013Centos Bind配置完整版

Hot search

On this day in past years

Comment