Skip to main content

Directory Checksum

Recently I found on some of my websites suspicious files. After some research I discovered that most of my custom html and php files were also modified and were containing base64 encoded code. So I decided to make universal script that will allow me to take site fingerprint and then manually check it for any changes in my files weekly. This php script takes md5sums of all files in directory specified (including subdirectories) and save the result in custom data file. The next time you run it it will show you new files, files that were not changed and files that WERE CHANGED. The output and some other options can be customized inside the code itself. Anyway if you have ssh access to your webserver, you can do almost the same by running


find test5 -type f | xargs md5sum


<?php
#comment this if you want to debug the script
error_reporting(0);
function lookDir($path) {
  $handle = @opendir($path);
  if (!$handle)
  return false;
  while ($item = readdir($handle)) {
  if ($item!="." && $item!="..") {
  if (is_dir($path."/".$item))
  lookDir($path."/".$item);
  else
  checkFile($path."/".$item);
  }
  }
  closedir($handle);
  return true;
}

function checkFile($file) {
  global $hashes;
  global $output;
  global $force_update;
  if (is_readable($file))
  if (!isset($hashes[$file])) {
  $hashes[$file] = md5_file($file);
  if ($output["new"])
  echo $file."\t\tNew\n";
  } elseif ($hashes[$file] == md5_file($file)) {
  if ($output["success"])
  echo $file."\t\tSuccess\n";
  }
  else {
  if ($output["failed"])
  if ($force_update) {
  $hashes[$file]=md5_file($file);
  echo $file."\t\tUpdate forced\n";
  }
  else
  echo $file."\t\tFailed!\n";
  }
}

#directory for checking integrity
$dir = "./test5";

#file for storing fingerprints, should be writeable in case of fingerprints update
$file = "./fingerprints";

#set this value to false if you do not want to update fingerprints
$can_update = true;

#set this to value to true if you want to update fingerprints of modified files
#you should do this only if you had modified files yourself
$force_update = false;

#the output parameters
$output["new"] = true;
$output["success"] = true;
$output["failed"] = true;

header("Content-Type: text/plain");
$hashes = unserialize(file_get_contents($file));
if (!$hashes || !is_array($hashes))
  $hashes = array();
if (!lookDir($dir))
  echo "Could not open the directory ".$dir."\n";
if ($can_update)
  if (file_put_contents($file, serialize($hashes)))
  echo "Fingerprints were updated\n";
  else
  echo "The file cannot be opened for writing! Fingerprints were not updated\n";
else
  echo "Fingerprints were not updated\n";

?>

Comments

Popular posts from this blog

Increase USB Flash Drive Write Speed

The one of the biggest problems of usb flash drives is a slow data write speed. This article will guide you through the process that can possibly increase your flash stick write speed. Okay, first I bought Transcend 8GB usb flash stick. It had been formatted with FAT32 filesystem initially. So I decided to run data read/write speed test. Mount the filesystem and execute following # hdparm -t /dev/sdb /dev/sdb: Timing buffered disk reads: 102 MB in 3.05 seconds = 33.43 MB/sec $ dd count=100 bs=1M if=/dev/urandom of=/media/disk/test 100+0 records in 100+0 records out 104857600 bytes (105 MB) copied, 29.5112 s, 3.6 MB/s The disk read speed is good enough, but the write speed is not so good. That's because most of NAND flash drives (the most commonly used flash sticks) have 128k erase block size. Filesystems usually have 4k (4096 bytes) block size. And here we came into problem. If the filesystem blocks are not aligned to flash drive blocks, the performance overhead during disk writ...

Alsa Audio Meter

If you need to watch the realtime sound output level on some graphical meter, you might consider difficult to find the program for these needs. After some searching I found nice software called ameter especially for these functions. This program can be used with the most of ALSA and OSS apps. After program installation you should create .asoundrc in your home directory with the following contents: pcm_scope.ameter { type ameter } pcm_scope_type.ameter { lib /usr/local/lib/libameter.so } pcm.ameter { type meter slave.pcm 'hw:0,0' #can be hw or hw:0,1 etc... scopes.0 ameter } pcm.dsp0 ameter The program source can be downloaded from here Also I have created an ebuild for easy installation on Gentoo Linux. Simply add it to your local overlay # Copyright 1999-2009 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 # $Header: $ EAPI="2" DESCRIPTION="Alsa meter plugin for audio software with GUI" HOMEPAGE="http://laugeo.free....

Gentoo Portage SquashFS + zsync

If you are Gentoo user and you're wondering about how to reduce portage tree disk usage and makes emerge --sync faster, this article is for you. Lets talk about key problems of portage tree: Large disk usage because of uncompressed text data Heavy inode usage because of huge amount of files The above problems result in excessive disk I/O during emerge operations. The most popular solution is to squash the portage tree. It is well-described in  this article . But I've made an easier  script that can handle all the headache for you. I hope you like it! :)