I have written a little script to scan users home directories for certain commands located inside a file. The script is setup to include a small help section and allows for passing a username argument to override scanning of all users home directories.
A lot of searching and trial and error has went into this script on my part. I would appreciate it if some of you that actually know what you're doing can take a look at it for me. If you could give me some pointers, ideas, or suggestions I would be grateful.
Code:
#!/bin/bash
# default folder we will scan
DIR=/home
# a list of commands we need to check for
# seperate commands with a pipe |
LOOKFOR='@system|@shell_exec|@include|@shell'
function help {
# setup small help list
echo -e "Pass an aurgument via command line or run without args."
echo -e " example: ./filescanner.sh -u username\n"
echo -e " -u\t pass a username to run against a single account."
echo -e " -h\t This help message.\n"
}
function scanDir {
# check if $1 else scan all user homes
if [ "$1" ]; then
# do stuff on single user
if [ -d "$DIR/$1" ]; then
list="$DIR/$1"
else
echo "User not found in the \$HOME directory"
exit
fi
else
# scan all home directories where a user account exists
list=`grep $DIR /etc/passwd | cut -d: -f6`
fi
echo "Checking files for $LOOKFOR."
for i in $list; do
path="$i/public_html"
if [ -d "$path" ]; then
# check if our path is a directory
echo "Checking $i/public_html/"
grep -H -E $LOOKFOR $i/public_html/* -R | cut -d: -f1
else
echo "No files to check; $path not a directory."
fi
done
}
while getopts "hu:" flag
do
case $flag in
u )
# echo "$flag" $OPTIND $OPTARG
# read flag and pass to scanDir function
scanDir $OPTARG
exit
;;
h )
# if h call help function
help
exit
;;
* )
echo -e "Invalid option. Please use -h for help.\n"
exit
;;
esac
done
# no options passed scan all
scanDir
I took a look at your script. IMO it is nicely written, but the actual content strikes me as a bit thin to justify a whole script. By and large, the work involved could be accomplished with the following command:
Yes, the @symbols are part of what is being checked. The current list is just preliminary and is not complete.
To give a little background. I run a small hosting company. One of my clients was running Zen Cart and it was exploited. While I was doing some of the forensic investigation to find out the cause and the damage, I thought a script to search for certain keywords used in the attack scripts could come in handy.
Once I make sure everything is coded the right way I plan on sharing this with other server admins in a similar situation. Which is why the added stuff to allow for checking a single users public_html directory exists.
I started off with a one liner but during testing found some issues. Checking /home/*/public_html has some drawbacks to my particular situation. I am running a Cpanel server and there are a few non-user directories located in the /home/.
Thanks for the feedback.
Brandon
Quote:
IMO it is nicely written,
P.S. Thank You. I have to admit this is a testament to the quality of help available on this site and others like it.
Thanks for the reply. Regarding "one process without any kernel data structure", can you elaborate on what you said or post a link? I don't understand what you are talking about. I guess I am going a little deeper down the rabbit hole then I have been before.
edit: I Googled it Kernel Data Structures
I have seen a few posts saying cut is faster then awk and awk is more flexible. To be honest, I don't have a clue. The best I could come up with using awk, was only for part of the process. When I tried using awk in a similar fashion to my existing code I was getting directory errors since part of what was being passed was a directory. I did try something on my own using cut to get multiple fields, I couldn't figure out how to do it or if it was possible.
I will say awk is more flexible than cut in this instance. It took me awhile just to figure that out. Could you post an example of what you were referring to, without using grep or cut?
Currently, I am getting output similar to this using awk or cut.
---------- Post updated at 06:23 AM ---------- Previous update was at 01:23 AM ----------
I have finally came up with this and it works ok but it is getting a little unruly.
edit: Broken after pipe for less scrolling and removed a few spaces too.
Is there an easy way to get consistent column widths for fields $2 $3?
Something like this is what I am after, The $3 has a variable length of whitespace and tabs that I would like to remove if at all possible, then add something like 4 spaces back in front.
Hello *nix friends,
I've written a shell script that allow web admin's to copy file/folder from a development site to the production site. It's more or less a poor man SVN.
I'm posting the script here because I was able to get many questions answered through this forum and also, I want to... (4 Replies)
The script distributes files from an AIX server using iether ftp or sftp depending on the constraint of the destination server. I am interested in having the error checking routine critically reviewed. I will only include an excerpt from the script concerning error trapping: (where $FTP_OUT is the... (7 Replies)
HI everyone,
I been to this site before for help and found my answers on other threads now I am posting my own :).
I have a list of file names with out extensions on an txt file. I need a way for the script to search on the server for each file name and copy the files over to a new directory.... (12 Replies)
Hello
Im new to this forums, I would like some help regarding a script that I need in order to copy some files. Heres the scenario:
I need to search several files which have a particular code inside, lets say "test" all of them on different directories. I need to copy all of them on a new... (4 Replies)
I have written a bit of shell that lets our company check all our SSL certs.
the aim is to have a list of servers and run this check from cron once a week.
Our managers have decided that we will not run BASH, so it has been written in /bin/sh and only needs openssl, no perl, no bash, no extra... (8 Replies)
Hi,
I need Unix Shell Script Review Check list in the format of word or excel.
Can any one provide the review checklist for unix shell script. Pls. (1 Reply)
Hi guys,
I 've been brewing this shellscript, but I can't test it until next tuesday.
In the meantime I am too curious wether it will work or not, so I'd like to hear your comments.
Background:
I want to watch the user quota for mailboxes in various email-domains on a IMAP-server.
I have... (1 Reply)
Hi,
I want to copy all the log file except current date log from one server to another server.
Log File will be like this LOGNIG_08_11_2008*.log
For this
cd /test/log
date -d '1 day ago' "+%d_%m_%Y" -->This command gives previous day
scp LOGSNIG_date -d '1 day ago' "+%d_%m_%Y"... (2 Replies)
