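Sometimes users upload stuff to your server or use scripts you don’t want used. To detect them fast, I wrote this script. It greps the web server’s domain logs for a known signature (here the string c99me) and mails any matching log lines it has not reported before, so it only catches scripts that have actually been requested over HTTP.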
#!/usr/bin/perl
use Digest::Perl::MD5 'md5_hex';
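use strict;
use warnings;

# Log-based alert for unwanted scripts.
#
# Greps the per-domain access logs for the signature "c99me", drops every
# matching line that was already reported on an earlier run, and mails the
# remaining lines to the alert address.  "Already reported" is tracked in
# /root/scanned, one MD5 hex digest per line.  MD5 is only a compact
# de-duplication key here, not an integrity or authenticity control.
#
# Trust boundary: the matched log lines contain client-supplied data (request
# path, referer, user agent).  They are written only to the message body,
# after the blank line that ends the headers, and control characters are
# neutralised before mailing.

chdir('/root/') or die "Cannot chdir to /root/: $!";

# Load the digests of lines reported by previous runs.  A missing state file
# simply means nothing has been reported yet.
my %seen;
if (-f 'scanned') {
    open(my $state_in, '<', 'scanned') or die "Cannot read scanned: $!";
    while (my $digest = <$state_in>) {
        chomp $digest;
        $seen{$digest} = 1;
    }
    close $state_in;
}

# The command is a fixed string, so nothing untrusted reaches the shell.
# '&&' rather than ';' so that grep never runs against the current directory
# (/root) when the log directory cannot be entered.
my @hits = `cd /etc/httpd/domlogs/ && grep c99me *`;

my @new_digests;
my $report = '';
for my $hit (@hits) {
    chomp $hit;

    # Hash the raw line so digests stay compatible with an existing state file.
    my $digest = md5_hex($hit);
    next if $seen{$digest};
    $seen{$digest} = 1;    # also suppresses duplicates within this run
    push @new_digests, $digest;

    # Replace control characters (tab excepted) so attacker-supplied bytes,
    # such as terminal escape sequences, are not delivered verbatim to
    # whoever reads the alert.
    (my $printable = $hit) =~ tr/\x00-\x08\x0B-\x1F\x7F/?/;
    $report .= "$printable\n";
}

if (length $report) {
    # List-form pipe open: sendmail is executed directly, without a shell.
    my @sendmail = ('/usr/sbin/sendmail', '-t');
    open(my $mail, '|-', @sendmail) or die "Cannot open @sendmail: $!";
    print {$mail} "Reply-to: root\@myserver.org\n";
    print {$mail} "Subject: Found some illegal stuff on server\n";
    print {$mail} "To: alerts\@somewhere.com\n";
    print {$mail} "Content-type: text/plain\n\n";
    print {$mail} $report;

    # Dying here leaves the state file untouched, so the same lines are
    # reported again on the next run instead of being silently lost.
    close($mail) or die "sendmail failed (exit status $?): $!";
}

# Record the new digests only after the alert has been handed to sendmail.
# Opening for append also creates the state file on the first run.
open(my $state_out, '>>', 'scanned') or die "Cannot append to scanned: $!";
print {$state_out} "$_\n" for @new_digests;
close($state_out) or die "Cannot write scanned: $!";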