Archive for July, 2012

Poor man’s tripwire.

Needed something simple which works everywhere to scan for changes in @()#%)# WordPress files:



#!/usr/bin/php



 // config:



 $d = "/var/www/mysite";

 $m = array("myemail@company.com");



 // code

 $x = trim(`find $d`);



 $x = explode("n", $x);



 $y = array();

 foreach($x as $f) {

  if (!is_file($f)) continue;

  $y[$f] = trim(`md5sum "$f"`);

  $s = explode(" ", $y[$f]);

  $y[$f] = trim($s[0]);

 }



 $d = str_replace(array("/"), "_", $d);

 if (file_exists($d)) {

  $z = array();

  $f = fopen($d, "r");

  while($s=fgets($f, 4096)) {

   $s = trim($s);

   $i = strrpos($s, " ");

   $z[substr($s, 0, $i)] = substr($s, $i+1);

  }

  fclose($f);

 

  // there we go; if something is in y but not in z or something in y is different than in z, we need to alert!

  $e = array();

  foreach($y as $k=>$v) {

   if (!@$z[$k]) {

    $e[] = "Added file: $k ($v)";

   } else if ($z[$k] != $v) {

    $e[] = "Changed file: $k ($v)";

   }

  }

  if ($e) {

   mail(implode(", ", $m), "Changes in $d!", implode("n", $e));

  }

 }





 $f = fopen($d, "w");

 foreach($y as $k=>$v) {

  fputs($f, "$k $vn");

 }

 fclose($f);



?>