Illegal File Scanner

What this is:
This is a very simple bash script that scans your client accounts for files with "illegal" content. I call it illegal as a reminder of how severe the content can be, although I normally find very few files with actually illegal content; I still check each file to make sure it is within my company's Terms of Service. Do not go and terminate every account that appears on this list; use common sense and verify each file before taking action.

How to use it:
If you don't already have a mydir folder then create one (mkdir /mydir). Then copy and paste the ifscan.sh code into a new ifscan.sh file in the /mydir folder (vi /mydir/ifscan.sh). Don't forget to set your permissions to make the file executable (chmod 0771 /mydir/ifscan.sh). After that, copy and paste the ifscanner.sh code into a new ifscanner.sh file in the /mydir folder (vi /mydir/ifscanner.sh). Don't forget to set your permissions to make that file executable too (chmod 0771 /mydir/ifscanner.sh). Now you can copy and paste the following line into your crontab (type crontab -e after you SSH into your server):

0 1 * * * /mydir/ifscan.sh

The above line will run the script every morning at 1AM.

You can adjust the time to fit around your other scheduled jobs. The scan takes a while to run if you have a lot of accounts on your server and uses a lot of CPU, so it is best to run it when there is not a lot of traffic on your server.

A breakdown of the ifscan.sh script:
#!/bin/bash <- Tells the server to run this script with the BASH interpreter.
echo "STARTING AT `date`(`uptime`)" > /var/log/ifscanlog.txt <- Prints the start time of the script to the ifscanlog.txt log (includes the uptime to keep track of your CPU load).
sh /mydir/ifscanner.sh >> /var/log/ifscanlog.txt <- Runs the ifscanner.sh script separately.
echo "ENDING AT `date`(`uptime`)" >> /var/log/ifscanlog.txt <- Prints the end time when finished to the log (includes the uptime to keep track of your CPU load).
mail -s "Illegal File Scan Results" you@example.com < /var/log/ifscanlog.txt <- E-mails a copy of the log to you (you@example.com is a placeholder; change it to your own e-mail address).

The ifscanner.sh script:
#!/bin/bash <- Tells the server to run this script with the BASH interpreter.
FINDBIN=/usr/bin/find <- Tells the server where to find the FIND program.
EGREPBIN=/bin/egrep <- Tells the server where to find the EGREP program.
BADWORDS="word1|word2|word3" <- The list of words to scan for, separated by a pipe (|).
echo " EXT1 SCAN STARTED" <- Prints text to the log.
echo "++++++++++++++++++++++++++++++++++++++++++++++++++++" <- Prints text to the log.
$FINDBIN /home/*/public_html/ -iname '*.ext1' -type f -exec $EGREPBIN -i -H "$BADWORDS" {} \; <- Searches all users' public_html directories for all files ending with .ext1, then scans inside those files for the word list specified above. The pattern is quoted so the shell does not expand it, and the semicolon that ends -exec is escaped.
echo "++++++++++++++++++++++++++++++++++++++++++++++++++++" <- Prints text to the log.
echo " EXT1 SCAN ENDED" <- Prints text to the log.
echo " EXT2 SCAN STARTED" <- Prints text to the log.
echo "++++++++++++++++++++++++++++++++++++++++++++++++++++" <- Prints text to the log.
$FINDBIN /home/*/public_html/ -iname '*.ext2' -type f -exec $EGREPBIN -i -H "$BADWORDS" {} \; <- Searches all users' public_html directories for all files ending with .ext2, then scans inside those files for the word list specified above.
echo "++++++++++++++++++++++++++++++++++++++++++++++++++++" <- Prints text to the log.
echo " EXT2 SCAN ENDED" <- Prints text to the log.
echo " EXT3 SCAN STARTED" <- Prints text to the log.
echo "++++++++++++++++++++++++++++++++++++++++++++++++++++" <- Prints text to the log.
$FINDBIN /home/*/public_html/ -iname '*.ext3' -type f -exec $EGREPBIN -i -H "$BADWORDS" {} \; <- Searches all users' public_html directories for all files ending with .ext3, then scans inside those files for the word list specified above.
echo "++++++++++++++++++++++++++++++++++++++++++++++++++++" <- Prints text to the log.
echo " EXT3 SCAN ENDED" <- Prints text to the log.

Additional information:
Add more file extensions and words by just following the patterns above.


Code:
#!/bin/bash
echo "STARTING AT `date`(`uptime`)" > /var/log/ifscanlog.txt
sh /mydir/ifscanner.sh >> /var/log/ifscanlog.txt
echo "ENDING AT `date`(`uptime`)" >> /var/log/ifscanlog.txt
# you@example.com is a placeholder; change it to your own e-mail address.
mail -s "Illegal File Scan Results" you@example.com < /var/log/ifscanlog.txt


Code:
#!/bin/bash
FINDBIN=/usr/bin/find
EGREPBIN=/bin/egrep
BADWORDS="word1|word2|word3"
echo " EXT1 SCAN STARTED"
echo "++++++++++++++++++++++++++++++++++++++++++++++++++++"
# The name pattern is quoted so find (not the shell) expands it; \; ends -exec.
$FINDBIN /home/*/public_html/ -iname '*.ext1' -type f -exec $EGREPBIN -i -H "$BADWORDS" {} \;
echo "++++++++++++++++++++++++++++++++++++++++++++++++++++"
echo " EXT1 SCAN ENDED"
echo " EXT2 SCAN STARTED"
echo "++++++++++++++++++++++++++++++++++++++++++++++++++++"
$FINDBIN /home/*/public_html/ -iname '*.ext2' -type f -exec $EGREPBIN -i -H "$BADWORDS" {} \;
echo "++++++++++++++++++++++++++++++++++++++++++++++++++++"
echo " EXT2 SCAN ENDED"
echo " EXT3 SCAN STARTED"
echo "++++++++++++++++++++++++++++++++++++++++++++++++++++"
$FINDBIN /home/*/public_html/ -iname '*.ext3' -type f -exec $EGREPBIN -i -H "$BADWORDS" {} \;
echo "++++++++++++++++++++++++++++++++++++++++++++++++++++"
echo " EXT3 SCAN ENDED"
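
The per-extension blocks above can be folded into one function, shown here as an added example that is not the author's script; `scan_hits` and `hits_per_account` are assumed names. It goes one step beyond the page by listing each matching file once and counting files per account, so the manual review the article asks for starts from a short list.

```shell
#!/bin/sh
# Added example, not the author's script. Assumed names: scan_hits, hits_per_account.
# Usage: hits_per_account /home "word1|word2|word3" ext1 ext2 ext3

# scan_hits BASE PATTERN EXT...
# Prints the path of every regular file under BASE/*/public_html whose name
# ends in .EXT (any case) and whose content matches PATTERN (case-insensitive ERE).
scan_hits() (
    base=$1 pattern=$2
    shift 2
    for ext in "$@"; do
        # "*.$ext" is quoted so find matches the name; unquoted, the shell would
        # expand it against the current directory before find ever ran.
        # -type f ignores symlinks, so a link placed inside public_html is not read.
        # "{} +" passes many files to each grep call; -l prints a matching file once.
        # "|| :" because grep exits 1 when a batch has no match and find reports that.
        find "$base"/*/public_html -type f -iname "*.$ext" \
            -exec grep -E -i -l -e "$pattern" -- {} + || :
    done
)

# hits_per_account BASE PATTERN EXT...
# Prints "account count" lines: how many files to review by hand per account.
# BASE must be given without a trailing slash.
hits_per_account() {
    scan_hits "$@" | awk -v base="$1" '{
        rest = substr($0, length(base) + 2)   # strip the leading "BASE/"
        split(rest, part, "/")                # part[1] is the account name
        n[part[1]]++
    } END { for (u in n) print u, n[u] }' | sort
}
```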
