Linux real-time detection of web Project MD5 to prevent website hacking

Building more and more website projects on linux servers to prevent website projects from being hacked is the basic work of web O & M personnel. There are countless articles on website O & M skills on the Internet, with different methods, experienced experts wrote the essence, and the younger brother was not long before he came into contact with this line. He did not have much experience, the following describes one of the methods I use-MD5 verification.

This method requires the md5sum tool that comes with the system. (You can download yum to http://rpm.pbone.net)

This method requires two scripts (the website uses java, the class and jsp are monitored here, depending on the Project)

Makemd5 and checkmd5

Makemd5

#!/bin/: --. md5 -------------=------------- $path  -type f  |  -E   |   md5sum > /md5/one

Checkmd5

#!/bin/: --.  [ ! -s /md5/one ] ;  =------------- $path  -type f |  .class |   md5sum >  /md5/makemd5  > /md5//bin/ /md5/ [ ! -s /md5/two ] ;  -------------=` one |   [ !  ] ;  $ |  -F /  >>   /md5/one >> /md5/ /md5/two |  |  -c |  -nr |   |  -F /  > /md5/------------=` /md5/.md5 |    |   |   [   ] ; ------------/usr/local/fx/fetion --mobile= --= --to= --msg-utf8=  -rf /md5/.makemd5

Makemd5 is used to generate the original MD5 file one for the first time. checkmd5 will generate a new MD5 file two, and then compare the two MD5 files. what is different is the modified or uploaded files, then an alarm is triggered,

Makemd5 generates the original file, which is generated only once. You can add checkmd5 to cron. If it is executed once every minute, a new MD5 file two will be generated every minute, compare with the original MD5 file one to monitor the project file in real time and detect problems in time.

*/ * * * * root  /md5/checkmd5  >/dev/ >&

This method is weak for Daniel, but it is very practical for me,

But when the intruders change crond, the monitoring will become invalid, we can use nagios to monitor the crond service on the server and whether the makemd5 file has not been modified on the Intranet. (If you want to know this, please let me know)

It is best not to use the root user and the running project. You can create a new application to run the project. You can grant less permissions or add real-time monitoring of access logs.

Such as logcheck and log analyzer, or write some simple scripts by yourself.

END