14:开发脚本入侵检测与报警案例
面试及实战考试题:监控web站点目录(/var/html/www)下所有文件是否被恶意篡改(文件内容被改了),如果有就打印改动的文件名(发邮件),定时任务每3分钟执行一次。
解答(注意:示例脚本监控的目录是 /application/tomcat8_1/webapps/ROOT,而不是题目中的 /var/html/www,实际使用时请将 wzml 改为要监控的站点目录):
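[root@web03 scripts]# cat web_check.sh
#!/bin/bash
# web_check.sh - file-integrity check for a web root.
#
# Builds an MD5 baseline of every regular file under ${wzml} on the first
# run, then on each later run mails the list of files whose content changed,
# that disappeared, or that are present on disk but absent from the baseline.
#
# Review notes for operators:
#   * The baseline is created from whatever is on disk at first run, so it
#     must be taken from a known-good deployment.
#   * The baseline is only as trustworthy as its storage: keep ${m5_file}
#     where the web server account cannot write (ideally a copy off-host).
#   * The baseline is never refreshed automatically; after a legitimate
#     deploy, remove ${m5_file} so the next run re-creates it.
#   * MD5 is kept so an existing baseline still verifies. It is not
#     collision-resistant; sha256sum (same -c interface) is the stronger
#     choice when re-baselining.
#   * File names containing newlines are not handled by the new-file check.

wzml=/application/tomcat8_1/webapps/ROOT # directory being monitored
m5_file=/server/scripts/tmcat_m5.txt     # baseline: one "md5  path" line per file
jg_file=/server/scripts/jg.txt           # log of clean runs

# Record the checksum of every regular file under ${wzml} into ${m5_file}.
# NUL-delimited so paths with spaces or quotes are hashed correctly;
# -r keeps md5sum from running with no arguments on an empty tree.
save_file() {
  find "${wzml}" -type f -print0 | xargs -0 -r md5sum >"${m5_file}"
}

# Compare the tree against the baseline and mail any differences.
# Writes a timestamped "OK" line to ${jg_file} when nothing differs.
check_file() {
  # Verify once and reuse the output, so the mailed list is exactly the list
  # that triggered the alert. LC_ALL=C pins the untranslated "FAILED" text;
  # anchoring on ": FAILED" avoids matching a file merely named FAILED.
  changed=$(LC_ALL=C md5sum -c "${m5_file}" |
    grep -E ': FAILED( open or read)?$')

  # md5sum -c only looks at files listed in the baseline, so a file dropped
  # into the web root afterwards would go unnoticed. List files on disk whose
  # path is not in the baseline (path starts at column 35 of an md5sum line).
  added=$(find "${wzml}" -type f | awk -v base="${m5_file}" '
    BEGIN { while ((getline line < base) > 0) known[substr(line, 35)] = 1 }
    !($0 in known)')

  if [ -n "${changed}" ] || [ -n "${added}" ]; then
    {
      if [ -n "${changed}" ]; then
        printf '%s\n' "${changed}"
      fi
      if [ -n "${added}" ]; then
        printf '%s\n' "${added}" | sed 's/$/: NEW (not in baseline)/'
      fi
    } | mail -s "发送部分内容失败" 641627690@qq.com
  else
    echo "MD5检测 $(date) 正常" >>"${jg_file}"
  fi
}

# First run: no baseline yet, so create one before checking.
if [ ! -f "${m5_file}" ]; then
  save_file
fi
check_file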
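[root@web03 scripts]# crontab -l
# Run the integrity check every 3 minutes, as the task requires; the script has a bash shebang, so invoke it with bash rather than sh.
*/3 * * * * /bin/bash /server/scripts/web_check.sh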