Shell Script Examples (15): Intrusion Detection and Alerting

This series shares commonly used Shell script examples; this fifteenth installment is a web site intrusion detection and alerting script.

Requirement: monitor every file under the web site directory (/var/html/www) for malicious tampering (changed file content). If any file has changed, report the names of the changed files (by mail). The check runs as a cron job every 3 minutes.

Preparation (create a test tree and record the baseline fingerprints):

#!/bin/bash
#Author: Oliver King
#Blog: http://www.oliver.ren

# Populate a test web root with some files to monitor
mkdir -p /var/html/www
cp -a /etc/a* /var/html/www/
cp -a /etc/b* /var/html/www/
ls /var/html/www/

# Baseline: an MD5 per file plus the list of file names.
# -print0 / -0 keep file names that contain spaces intact.
find /var/html/www -type f -print0 | xargs -0 md5sum > /tmp/md5sum.txt
find /var/html/www -type f > /tmp/web-list.txt

Reference solution (the script that cron runs every 3 minutes):

#!/bin/bash
#Author: Oliver King
#Blog: http://www.oliver.ren

RETVAL=0
export LANG=C                      # keep md5sum/diff messages in English for the mail
CHECK_DIR=/var/html/www
[ -d "$CHECK_DIR" ] || exit 1

fingerprint_ori="/tmp/md5sum.txt"
weblist_ori="/tmp/web-list.txt"    # a hyphen is not allowed in a variable name
weblist_curr="/tmp/web-list_curr.txt"
ErrLog="/tmp/err.log"
[ -e "$fingerprint_ori" ] || exit 1
[ -e "$weblist_ori" ] || exit 1

# 1. Content changes: md5sum -c prints a FAILED line for every file whose
#    checksum no longer matches (and for files that were deleted).
echo "# md5sum -c --quiet $fingerprint_ori" > "$ErrLog"
md5sum -c --quiet "$fingerprint_ori" &>> "$ErrLog"
RETVAL=$?

# 2. Added or removed files: compare the current file list with the baseline list.
find "$CHECK_DIR" -type f > "$weblist_curr"

echo "# diff $weblist_ori $weblist_curr" >> "$ErrLog"
diff "$weblist_ori" "$weblist_curr" &>> "$ErrLog"
DIFF_LINES=$(diff "$weblist_ori" "$weblist_curr" | wc -l)

if [ "$RETVAL" -ne 0 -o "$DIFF_LINES" -ne 0 ]
then
    mail -s "$(uname -n) $(date +%F) err" oliver.csu@gmail.com < "$ErrLog"
else
    echo "Sites dir is ok" | mail -s "$(uname -n) $(date +%F) is ok" oliver.csu@gmail.com
fi
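Two things in the reference solution weaken it as an intrusion detector: the baseline lives in /tmp, which is world-writable, so an attacker who can write the web root can just as easily rewrite /tmp/md5sum.txt and /tmp/web-list.txt to hide the change; and MD5 plus a whitespace-unsafe file list are fragile. The script below is an added example, not the original post's code. It keeps the same detect-and-alert logic (modified, added and removed files, a mail either way) but stores the baseline in a root-owned directory outside the web root, uses SHA-256 and NUL-separated file names, and exits non-zero when anything changed so cron or a wrapper can react. The install path /usr/local/sbin/webcheck.sh, the baseline directory /var/lib/webcheck, the MAIL_TO variable and the crontab line are assumptions for illustration.

```shell
#!/bin/bash
# Added example (not the original post's script): web-root integrity check.
# Assumed, hypothetical layout:
#   script   /usr/local/sbin/webcheck.sh
#   baseline /var/lib/webcheck   (root-owned, mode 0700, NOT under /tmp and
#                                 NOT writable by the web server user)
#   cron     */3 * * * * root /usr/local/sbin/webcheck.sh /var/html/www /var/lib/webcheck
# Rebuild the baseline (run with "init") after every legitimate deploy,
# otherwise the next run alerts on your own changes.
export LC_ALL=C   # byte-order collation so sort(1) and comm(1) agree; English tool output

# build_baseline WEBROOT BASE: SHA-256 of every regular file plus a sorted file list.
# -print0 / -0 keep names with spaces intact; sha256sum replaces the page's md5sum.
build_baseline() {
    local dir=$1 base=$2
    mkdir -p "$base"
    find "$dir" -type f -print0 | sort -z | xargs -0 -r sha256sum > "$base/sums.txt"
    find "$dir" -type f -print0 | sort -z | tr '\0' '\n' > "$base/list.txt"
}

# check_integrity WEBROOT BASE REPORT: write one "modified:/added:/removed:" line
# per finding into REPORT; return 0 when the tree matches the baseline, 1 otherwise.
check_integrity() {
    local dir=$1 base=$2 report=$3 rc=0 tmp
    tmp=$(mktemp -d) || return 2
    : > "$report"
    # Content changes: sha256sum -c prints "<path>: FAILED" for a changed file and
    # "<path>: FAILED open or read" for a deleted one. Only the former is kept here;
    # deletions are reported from the list comparison below.
    if ! sha256sum -c --quiet "$base/sums.txt" > "$tmp/sums.out" 2>&1; then
        rc=1
        grep ': FAILED$' "$tmp/sums.out" | sed 's/^/modified: /' >> "$report"
    fi
    # Added and removed files are invisible to sha256sum -c, so compare file lists.
    find "$dir" -type f -print0 | sort -z | tr '\0' '\n' > "$tmp/list.txt"
    if ! cmp -s "$base/list.txt" "$tmp/list.txt"; then
        rc=1
        comm -13 "$base/list.txt" "$tmp/list.txt" | sed 's/^/added: /'   >> "$report"
        comm -23 "$base/list.txt" "$tmp/list.txt" | sed 's/^/removed: /' >> "$report"
    fi
    rm -rf "$tmp"
    return "$rc"
}

# notify REPORT RC: mail the report when MAIL_TO is set and mail(1) exists,
# otherwise print it. A clean run is reported too, as a heartbeat that cron
# is still executing the check.
notify() {
    local report=$1 rc=$2 status subject
    [ "$rc" -eq 0 ] && status="is ok" || status="CHANGED"
    subject="$(uname -n) $(date +%F) $status"
    if [ -n "${MAIL_TO:-}" ] && command -v mail > /dev/null 2>&1; then
        mail -s "$subject" "$MAIL_TO" < "$report"
    else
        echo "$subject"
        cat "$report"
    fi
}

# main WEBROOT BASE [init]: build the baseline on the first run or on "init",
# otherwise check the tree against it.
main() {
    local dir=$1 base=$2 mode=${3:-} report rc=0
    [ -d "$dir" ] || { echo "no such directory: $dir" >&2; return 2; }
    report=$(mktemp) || return 2
    if [ "$mode" = init ] || [ ! -s "$base/sums.txt" ]; then
        build_baseline "$dir" "$base"
        echo "baseline rebuilt for $dir" > "$report"
    elif check_integrity "$dir" "$base" "$report"; then
        echo "Sites dir is ok" > "$report"
    else
        rc=1
    fi
    notify "$report" "$rc"
    rm -f "$report"
    return "$rc"
}

if [ $# -ge 2 ]; then
    main "$@"
fi
```

Usage: `webcheck.sh /var/html/www /var/lib/webcheck init` after a deploy, then the plain two-argument form from cron. The list comparison is what distinguishes a deleted file from a modified one, since `sha256sum -c` flags both as FAILED; and because the baseline directory is not writable by the web server user, defacing the site and hiding the change now require two separate privilege levels.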
