A simple file-change notification that can be used for site inspection



This very old-fashioned and easy file-change notifier was written more than ten years ago. The path name has been changed here so that UNIX webmasters can use it as a reference, since many websites have been hacked and had Trojan horses hidden in them.

Anyone who knows a little about UNIX can use it easily. The feature is very simple.

Its main function is to check for file modifications and notify the administrator within an hour if any are found. If the changes are unexpected, the administrator can then check the system for vulnerabilities. It's meaningless to do file recovery if the system has been invaded. The example below does not contain a file restore function.

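1. Create "/chk_file.csh" as below:

    # Work in /tmp; the list of changed files goes to xx.<pid of this shell>
    cd /tmp
    # List regular files modified in the last 60 minutes
    # (">!" overwrites the file even when noclobber is set)
    find /var/www/htdocs -type f -mmin -60 -print >! xx.$$
    # wc prints "<count> <name>", so $lines[1] is the number of changed files
    set lines = `wc -l xx.$$`
    if ( $lines[1] < 1 ) then
        # Nothing changed: remove the list ("\rm" bypasses any rm alias)
        \rm xx.$$
    else
        # Mail the list of changed files to the administrator
        mail -s file_changed me@xxx.com < xx.$$
        \rm xx.$$
    endif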

** Note
1. Replace /var/www/htdocs with the path you want to monitor.
2. me@xxx.com: change this to your own email address.

2. In crontab, add:

    0 * * * * /bin/csh /chk_file.csh >/dev/null 2>&1

That's it. If any file under the monitored path changes, you will be informed by email.

To monitor multiple paths, you only need to change one line, as below:

    find /var/www/htdocs /var/www/web2 -type f -mmin -60 -print >! xx.$$
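A POSIX sh variant of the same hourly check, as an added example that is not part of the original article. It also matches on ctime, so a changed file whose modification time has been set back to an old date is still reported, and it writes the list to a mktemp file instead of a predictable name in /tmp. The function names, the script name /chk_file.sh and the "run" argument are assumptions made for this example.

```sh
#!/bin/sh
# Added example, not the article's script. Assumes a find with -mmin/-cmin
# (GNU and BSD find) plus mktemp and mail; /chk_file.sh is a hypothetical name.

# mtime_only MINUTES PATH...  : the article's test, kept for comparison.
mtime_only() {
    window=$1; shift
    find "$@" -type f -mmin "-$window" -print
}

# recent_files MINUTES PATH... : also match on ctime. The kernel updates
# ctime on every write, chmod, chown or rename and touch cannot set it, so
# a file whose mtime was set back to an old date is still listed.
recent_files() {
    window=$1; shift
    find "$@" -type f \( -mmin "-$window" -o -cmin "-$window" \) -print
}

# notify RECIPIENT PATH... : mail the list if it is non-empty.
# mktemp creates a private, unpredictably named file, unlike /tmp/xx.$$.
notify() {
    rcpt=$1; shift
    report=$(mktemp "${TMPDIR:-/tmp}/chk_file.XXXXXX") || return 2
    recent_files 60 "$@" > "$report"
    if [ -s "$report" ]; then
        mail -s file_changed "$rcpt" < "$report"
    fi
    rm -f "$report"
}

# Hypothetical crontab entry:
#   0 * * * * /bin/sh /chk_file.sh run me@xxx.com /var/www/htdocs
case "${1:-}" in
    run) shift; notify "$@" ;;
esac
```

Because ctime also changes on chmod, chown and rename, this version reports permission and ownership changes as well as content changes.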

The author of this article: Web Admin - DragonSoft

About DragonSoft Security Associates, Inc.
DragonSoft Security Associates is a leading developer in Taiwan for network security software and an active contributor to network security education. Founded in 2002, DragonSoft offers vulnerability management solutions, including vulnerability assessment, system security management and intrusion prevention.