File Extension Scanner
05-24-2010 @ 5:24AM EDT
This is a very simple bash script that scans your client accounts for "illegal" file extensions. I label them illegal because it reminds me of how severe these files can be, although I normally find very few actual illegal files; I still check each one to make sure it is within the Terms of Service of my company. Do not go and terminate every account that appears on this list: use common sense and verify each file before taking action.
How to use it:
If you don't already have a mydir folder then create one (mkdir /mydir). Then copy and paste the first code block below into a new extscan.sh file in the /mydir folder (vi /mydir/extscan.sh). Don't forget to set your permissions to make the file executable (chmod 0771 /mydir/extscan.sh). After that, copy and paste the second code block into a new extscanner.sh file in the /mydir folder (vi /mydir/extscanner.sh). Don't forget to set your permissions to make the file executable (chmod 0771 /mydir/extscanner.sh). Now you can copy and paste the following line into your crontab (type crontab -e after you SSH into your server):
0 3 * * * /mydir/extscan.sh
The above line will run the script every morning at 3AM.
You can adjust the time based on your other scheduled jobs. The scan takes a while to run if you have a lot of accounts on your server and uses a lot of CPU, so it is best to run it when there is not a lot of traffic on your server.
A breakdown of this script:
#!/bin/bash <- Tells the server to run this script with the BASH interpreter.
echo "STARTING AT `date`(`uptime`)" > /var/log/extscanlog.txt <- Prints the start time of the script to the extscanlog.txt log (includes the uptime to keep track of your CPU load).
sh /mydir/extscanner.sh >> /var/log/extscanlog.txt <- Runs the extscanner.sh script separately and appends its output to the log.
echo "ENDING AT `date`(`uptime`)" >> /var/log/extscanlog.txt <- Prints the end time when finished to the log (includes the uptime to keep track of your CPU load).
mail -s "Illegal File Extension Results"
The extscanner.sh script:
#!/bin/bash <- Tells the server to run this script with the BASH interpreter.
/usr/bin/find /home/*/public_html/ -iname '*.ext1' -type f <- Looks for files with the extension of .ext1 in all users' public_html directories. The pattern is quoted so the shell passes it to find unexpanded.
/usr/bin/find /home/*/public_html/ -iname '*.ext2' -type f <- Looks for files with the extension of .ext2 in all users' public_html directories.
/usr/bin/find /home/*/public_html/ -iname '*.ext3' -type f <- Looks for files with the extension of .ext3 in all users' public_html directories.
Additional information:
I have not included the list of extensions I check for because it is dependent on your Terms of Service. You will find that some extensions yield a lot of results but very few actual "illegal" files, so you will need to balance how much time you want to invest against how thorough you want to be.
Code:
#!/bin/bash
echo "STARTING AT `date`(`uptime`)" > /var/log/extscanlog.txt
sh /mydir/extscanner.sh >> /var/log/extscanlog.txt
echo "ENDING AT `date`(`uptime`)" >> /var/log/extscanlog.txt
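# you@example.com is a placeholder; replace it with the address that should receive the report.
mail -s "Illegal File Extension Results" you@example.com < /var/log/extscanlog.txt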
Code:
#!/bin/bash
# Patterns are quoted so the shell does not expand them against the current directory.
/usr/bin/find /home/*/public_html/ -iname '*.ext1' -type f
/usr/bin/find /home/*/public_html/ -iname '*.ext2' -type f
/usr/bin/find /home/*/public_html/ -iname '*.ext3' -type f
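A single-pass variant of extscanner.sh, as an added example that is not part of the original post: it quotes the patterns, walks each public_html tree once for all extensions instead of once per extension (which helps with the CPU load mentioned above), and summarises hits per account for review. The function names scan_exts and count_by_account and the command-line form are assumptions of this example.

```bash
#!/bin/bash
# Added example (not the original extscanner.sh): one find pass for all extensions.

# scan_exts BASE EXT...  (hypothetical helper)
# Prints regular files under BASE/*/public_html/ whose name ends in any EXT.
# The body runs in a subshell ( ... ) so its variables do not leak.
scan_exts() (
    base=${1%/}; shift
    [ "$#" -gt 0 ] || exit 2          # no extensions given
    first=1
    for ext in "$@"; do               # list is expanded once, so "$@" can be rebuilt
        if [ "$first" -eq 1 ]; then set --; first=0; else set -- "$@" -o; fi
        set -- "$@" -iname "*.$ext"   # quoted: find sees the pattern, not the shell
    done
    # \( ... \) groups the -o chain so -type f applies to every pattern.
    find "$base"/*/public_html/ -type f \( "$@" \)
)

# count_by_account BASE EXT...  (hypothetical helper)
# Prints "account=hits" for each account with at least one match.
count_by_account() (
    base=${1%/}
    scan_exts "$@" | while IFS= read -r path; do
        rest=${path#"$base"/}         # strip BASE/
        printf '%s\n' "${rest%%/*}"   # first component is the account name
    done | sort | uniq -c | awk '{print $2 "=" $1}'
)

# Usage (assumed form): extscanner.sh /home ext1 ext2 ext3
if [ "$#" -ge 2 ]; then
    scan_exts "$@"
    count_by_account "$@"
fi
```

The per-account summary shows which accounts to review first; each listed file still needs to be checked by hand before any action is taken.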