Monitor whether all files in the Web site directory have been tampered with (the contents of the file have been changed) and if so, print the changed file name
Scheduled tasks: Perform monitoring once every three minutes
Characteristics of files being tampered with:
The size may change (why is it possible, if you change the value of 1 to 2 the size will not change)
Modification time Changes (file test ot,nt)
The contents of the file will change, judging by md5sum fingerprint
Add or delete files
Problem:
Code release scenario: a large company or a regulated company, will not always pass code, 1-2 times a day
The script is not rigorous Ah, the work of the first to solve the file, and then solve the problem
#!/bin/shnum= ' cat site.log|wc-l ' md5num= ' md5sum-c/tmp/checkmd5.db|grep-i failed|wc-l ' filenum= ' ls-l/etc/|wc-l ' if [ $MD 5num-ne 0]then echo "md5sum-c/tmp/checkmd5.db|grep-i FAILED" Fiif [$filenum-ne $num]then echo "/etc/dir is C Hange "Fi ~
This article is from the "Little Rookie" blog, please be sure to keep this source http://baishuchao.blog.51cto.com/12918589/1942742
Monitor all files in the Web site directory for malicious tampering