check_websites is a very simple virus scanner for web sites. It checks a document root directory for files with the .js extension and for codewords which might be a hint of defacement or SQL injection. check_websites is made to run as a cronjob. There's no output on the screen, but it generates a logfile and mails output.
What does it do?
This script checks a document_root directory for files matching the (( /[a-zA-Z0-9].js )) expression and for codewords listed in the file check_websites.words which MIGHT be a hint of a massive hack or defacement (SQL injection) done during the last weeks (Apr/May 2008).
This tool is made to run as a cronjob; there's no output on the screen (yet). The script generates a logfile in the installation directory and mails the output.
If you want to check SQL databases, create a dump.sql and check that file. The dump therefore has to be placed within $document_root; you should chmod 700 that directory and chmod 400 all files in it. The file can have any name as long as it ends in .sql (anything.sql), because .sql files are scanned along with all files whose endings are listed in $htdocs_format (*.*htm* are checked by default).
See run_before_template.sh / run_after_template.sh for how we did this with a MySQL dump: the script first copies the daily dump to a location under $document_root (/srv/www/htdocs/mysqlcheck in this case), extracts the bzip2 file to a .sql file and then searches that file for SQL injections. Doing this with the daily SQL dump of all databases gives you a daily check of all SQL databases and tables.
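The dump-staging and codeword scan described above, as an added sketch that is not check_websites' own code and not the contents of run_before_template.sh. The function names, the one-codeword-per-line layout of the words file and the fixed-string, case-insensitive matching are assumptions.

```shell
#!/bin/sh
# Added example; names and matching rules are assumptions, not the tool's code.

# stage_dump DUMP_BZ2 STAGE_DIR
# Extract a bzip2-compressed SQL dump into STAGE_DIR (a directory under the
# document root) with the permissions the text recommends:
# directory 700, files 400. The output name always ends in .sql.
stage_dump() {
    dump=$1; stage=$2
    mkdir -p "$stage" && chmod 700 "$stage" || return 1
    out="$stage/$(basename "$dump" .bz2)"
    case $out in *.sql) ;; *) out="$out.sql" ;; esac
    rm -f "$out"
    # umask keeps the dump private even before chmod runs
    ( umask 077 && bzip2 -dc "$dump" > "$out" ) || return 1
    chmod 400 "$out"
}

# scan_docroot DOCROOT WORDS_FILE
# Print "file:line:text" for every codeword hit in *.sql and *.*htm* files.
# WORDS_FILE holds one codeword per line; an empty line would match every
# line of every file, so keep the list free of blank lines.
scan_docroot() {
    find "$1" -type f \( -name '*.sql' -o -name '*.*htm*' \) \
        -exec grep -HniF -f "$2" {} +
}

# Typical cron usage (paths are placeholders):
#   stage_dump /backup/all_databases.sql.bz2 /srv/www/htdocs/mysqlcheck
#   scan_docroot /srv/www/htdocs /path/to/check_websites.words
```

Because the staged dump sits inside the document root, the 700/400 permissions only limit local users; the web server should also be configured not to serve that directory.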
What's New in This Release:
· check_logfiles (modified logwatch) included
· check_websites now checks for files in doc_root
· all find calls now run with nice n -19
· check_websites bugfixes -> doesn't abort when checking non-existing files / wrong inodes etc.