From d3e4592a03aad6303da38f2b6143b2c04c3a1073 Mon Sep 17 00:00:00 2001
From: Julien "shaddai" Reveret
Date: Fri, 29 Jan 2016 10:55:32 +0100
Subject: add docroot-check.sh : check php files inside Apache DocumentRoot
---
php-malware-finder/docroot-check.sh | 21 +++++++++++++++++++++
1 file changed, 21 insertions(+)
create mode 100644 php-malware-finder/docroot-check.sh
diff --git a/php-malware-finder/docroot-check.sh b/php-malware-finder/docroot-check.sh
new file mode 100644
index 0000000..a5cce6e
--- /dev/null
+++ b/php-malware-finder/docroot-check.sh
@@ -0,0 +1,21 @@
+#!/usr/bin/env bash
+
+apache_confdir="/etc/apache2/sites-available"
+
+# grab the different document roots
+for docroot in $(grep -o 'DocumentRoot.*' $apache_confdir/* | \
+ awk '{if ($2 ~ "/data/www/*") print $2}') ; do
+
+ pmf_output_dir=$(echo $docroot |egrep -o '[^/]*/[^/]*$')
+ mkdir -p /tmp/$pmf_output_dir
+
+ SAVEIFS=$IFS
+ IFS=$(echo -en "\n\b")
+ find $docroot -type f -iname "*php" -exec yara /etc/phpmalwarefinder/malwares.yara {} > \
+ /tmp/$pmf_output_dir/cron.out 2>&1 \;
+
+ if [ -s /tmp/$pmf_output_dir/cron.out ]; then
+ cat /tmp/$pmf_output_dir/cron.out | \
+ mail -s "PMF REPORT:$(uname -n) DocumentRoot $docroot" jre@nbs-system.com
+ fi;
+done
-- cgit v1.3
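Review bot: The report is written to a predictable path, `/tmp/$pmf_output_dir/cron.out`, so if this runs from root's cron (the file name suggests it, the patch does not say) any local account, including a compromised web user, can pre-create that path as a symlink and have the redirect overwrite a file of its choosing or tamper with the report. Creating the file with `mktemp` and quoting `$docroot` closes that hole, and it also makes the `IFS` change unnecessary, which is currently never restored from `SAVEIFS`. The fence below rewrites the loop body accordingly; it no longer keeps a per-site `cron.out`, so if the reports need to persist, write them under a root-owned directory instead of `/tmp`.

```shell
# … unchanged: shebang, apache_confdir, for-loop header over the DocumentRoot entries …
  report=$(mktemp) || exit 1
  find "$docroot" -type f -iname "*php" \
    -exec yara /etc/phpmalwarefinder/malwares.yara {} \; > "$report" 2>&1

  if [ -s "$report" ]; then
    mail -s "PMF REPORT:$(uname -n) DocumentRoot $docroot" jre@nbs-system.com < "$report"
  fi
  rm -f -- "$report"
done
```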