10-07-2007
118,
0
Join Date: Mar 2007
Last Activity: 19 April 2015, 2:49 AM EDT
Posts: 118
Thanks Given: 1
Thanked 0 Times in 0 Posts
email Alert
Hello,
I want a script that will scan the file /etc/httpd/conf/httpd.conf and the folder /etc/httpd/libexec/
-bash-2.05b# grep mod_r /etc/httpd/conf/httpd.conf
LoadModule rewrite_module libexec/mod_rewrite.so
AddModule mod_rewrite.c
-bash-2.05b#
-bash-2.05b# find /etc/httpd/libexec/ -name mod_r*
/etc/httpd/libexec/mod_rewrite.so
If the scan finds malicious entry like
mod_rphp or mod_root in httpd.conf
it will email an alert to a particular email.
-bash-2.05b# grep mod_r /etc/httpd/conf/httpd.conf | grep -v mod_rewrite
-bash-2.05b#
If the scan finds malicious files in the folder /etc/httpd/libexec/ like mod_rphp.so or mod_rootme
-bash-2.05b# find /etc/httpd/libexec/ -name mod_r* | grep -v mod_rewrite.so
-bash-2.05b#
it will email an alert to a particular email.
Please advise.
format is basically..
1)
if
entry exists
do
email alert
2)
if
file exists
do
email alert
Thanks