From 2d8dada512af99ad369b6d7475ded2edf6dd1c19 Mon Sep 17 00:00:00 2001 From: jvoisin Date: Wed, 21 Feb 2018 10:50:32 +0100 Subject: Remove a useless file This should close #64 --- php-malware-finder/docroot-check.sh | 39 ------------------------------------- 1 file changed, 39 deletions(-) delete mode 100644 php-malware-finder/docroot-check.sh diff --git a/php-malware-finder/docroot-check.sh b/php-malware-finder/docroot-check.sh deleted file mode 100644 index 11aa4f9..0000000 --- a/php-malware-finder/docroot-check.sh +++ /dev/null @@ -1,39 +0,0 @@ -#!/usr/bin/env bash - -PATH=/usr/bin:/bin:/sbin:/usr/sbin -apache_confdir="/etc/apache2/sites-available" -pmf_conf="/etc/phpmalwarefinder/php.yar" -pmf_cachedir="/tmp" - -# grab the different document roots to scan each and everyone of them -for docroot in $(grep -o 'DocumentRoot.*' $apache_confdir/* | \ - awk '{if ($2 ~ "/data/www/*") print $2}') ; do - - vhost_outdir=$(echo $docroot |egrep -o '[^/]*/[^/]*$') - mkdir -p $pmf_cachedir/$vhost_outdir - pmf_sha1=$pmf_cachedir/$vhost_outdir/sha1sum.$(date +"%d-%m-%Y") - last_pmf_sha1=$pmf_cachedir/$vhost_outdir/sha1sum.$(date +"%d-%m-%Y" --date="7 days ago") - - # compute PHP files sha1sum and compare them to last report to reduce the - # amout of files yara has to scan - find $docroot -type f -iname "*php" -exec sha1sum {} \; > $pmf_sha1 - - if [ -f $last_pmf_sha1 ] ; then - diff -u $pmf_sha1 $last_pmf_sha1 | grep ^+[A-Z] | sed -e 's/^+[^\ ]*//g' > \ - /tmp/diff.txt - for file in $(cat /tmp/diff.txt); do - yara $pmf_conf >> $pmf_cachedir/$vhost_outdir/cron.out 2>&1 - done - else - # first scan or last scan result is missing - SAVEIFS=$IFS - IFS=$(echo -en "\n\b") - find $docroot -type f -iname "*php" -exec yara $pmf_conf {} > \ - $pmf_cachedir/$vhost_outdir/cron.out 2>&1 \; - fi; - - if [ -s $pmf_cachedir/$vhost_outdir/cron.out ]; then - cat $pmf_cachedir/$vhost_outdir/cron.out | \ - mail -s "PMF REPORT:$(uname -n) DocumentRoot $docroot" jre@nbs-system.com - fi; -done -- cgit v1.3