Linux System File Anti-Tampering Script

A file anti-tampering script: as soon as a file is modified, it immediately sends an alert SMS.

#!/bin/bash
#description: check files shell
#author:coralzd powered by www.freebsdsystem.org
checkdir=/data/www/bbs.xxx.com

# Local IP address(es), loopback excluded; used in the alert text
ipadd=`ifconfig |grep "inet" |cut -c 1-36|sed -e 's/[a-zA-Z: ]//g' |grep -v "127.0.0.1"`

while [ 1 ]
do
    DATE=`date +%Y-%m-%d.%H:%M:%S`
    # List *php files modified within the last minute, pruning the cache,
    # template and attachment directories (parentheses escaped for the shell)
    find ${checkdir} \( -path ${checkdir}/forumdata/threadcaches \
        -o -path ${checkdir}/forumdata_1/threadcaches \
        -o -path ${checkdir}/forumdata_1/templates \
        -o -path ${checkdir}/forumdata_1/cache \
        -o -path ${checkdir}/forumdata/dzwxuser \
        -o -path ${checkdir}/attachments \
        -o -path ${checkdir}/forumdata/cache \
        -o -path ${checkdir}/forumdata/templates \
        -o -path ${checkdir}/forumdata/dzwxuser \
        -o -path ${checkdir}/dzwxuserid/cache \
        -o -path ${checkdir}/forumdata_1 \) -prune -o -name "*php" -mmin -1 -print >/tmp/tmpdd
    # Size of the result file in bytes; more than 2 means at least one match
    SZ=`ls -la /tmp/tmpdd|awk '{print $5}'`
    if [ "${SZ}" -gt "2" ]; then
        SN=`cat /tmp/tmpdd`
        echo ${DATE} ${SN} >>/var/tmp/checkfile.log
        # Send the alert SMS; the URL is quoted so "&" is not taken as the shell's
        # background operator. The msg text is percent-encoded Chinese for
        # "Attention: <ip>_possible file tampering".
        wget "http://10.10.10.10/phpsms/smsu.php?phone=15012345678&msg=%E7%95%99%E6%84%8F%EF%BC%9A${ipadd}_%E5%8F%AF%E8%83%BD%E5%87%BA%E7%8E%B0%E6%96%87%E4%BB%B6%E7%AF%A1%E6%94%B9" -O /dev/null >/dev/null 2>&1
    fi
    sleep 60
done
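
The script above detects changes by modification time (-mmin -1), so an edit whose timestamp is reset afterwards is not reported. As an added example (not the original author's code), the same check can compare SHA-256 hashes against a stored baseline. It goes beyond the script by also reporting added and removed files. The function names and the baseline path are assumptions, and it needs GNU find and sha256sum.

```bash
#!/bin/bash
# Added example, not the original author's code. Function names and the
# baseline location are assumptions. Needs GNU find and sha256sum.

# snapshot DIR [SKIP...]: print "sha256  path" for every *.php file under DIR,
# pruning the SKIP directories (given relative to DIR), like the -path list above.
snapshot() (
    dir=$1; shift
    n=$#
    while [ "$n" -gt 0 ]; do            # turn each SKIP into: -path DIR/SKIP -o
        set -- "$@" -path "$dir/$1" -o
        shift; n=$((n - 1))
    done
    # -false (GNU find) closes the -o chain, so an empty SKIP list also works
    find "$dir" \( "$@" -false \) -prune -o -type f -name '*.php' -exec sha256sum {} +
)

# report_changes BASELINE CURRENT: one sorted line per difference.
report_changes() {
    awk '
        { hash = substr($0, 1, 64); file = substr($0, 67) }  # 64 hex, 2 separators, path
        FILENAME == ARGV[1] { base[file] = hash; next }
        !(file in base)     { print "ADDED " file; next }
        base[file] != hash  { print "MODIFIED " file }
        { seen[file] = 1 }
        END { for (file in base) if (!(file in seen)) print "REMOVED " file }
    ' "$1" "$2" | sort
}

# check_once DIR BASELINE [SKIP...]: status 0 if the tree matches the baseline,
# otherwise print the differences and return 1. The ( ) body keeps variables local.
check_once() (
    dir=$1 baseline=$2; shift 2
    now=$(mktemp) || exit 2
    snapshot "$dir" "$@" > "$now"
    changes=$(report_changes "$baseline" "$now")
    rm -f "$now"
    [ -z "$changes" ] && exit 0
    printf '%s\n' "$changes"
    exit 1
)

# Usage (baseline taken once on a known-good tree, then checked from the loop):
#   snapshot /data/www/bbs.xxx.com attachments forumdata/cache > /var/lib/php.baseline
#   check_once /data/www/bbs.xxx.com /var/lib/php.baseline attachments forumdata/cache \
#       >> /var/tmp/checkfile.log || echo "send the alert here, as the script above does"
```

Keep the baseline file somewhere the web server account cannot write, otherwise whoever changes the PHP files can update the hashes as well.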

http://coralzd.blog.51cto.com/90341/667144


title: Linux System File Anti-Tampering Script
date: 2011-08-20 14:19
author: coralzd
site: Account and Business Security | 岂安