email Alert

Hello,

I want a script that will scan the file /etc/httpd/conf/httpd.conf and the folder /etc/httpd/libexec/

-bash-2.05b# grep mod_r /etc/httpd/conf/httpd.conf
LoadModule rewrite_module libexec/mod_rewrite.so
AddModule mod_rewrite.c
-bash-2.05b#

-bash-2.05b# find /etc/httpd/libexec/ -name mod_r*
/etc/httpd/libexec/mod_rewrite.so

If the scan finds malicious entry like

mod_rphp or mod_root in httpd.conf

it will email an alert to a particular email.

-bash-2.05b# grep mod_r /etc/httpd/conf/httpd.conf | grep -v mod_rewrite
-bash-2.05b#

If the scan finds malicious files in the folder /etc/httpd/libexec/ like mod_rphp.so or mod_rootme

-bash-2.05b# find /etc/httpd/libexec/ -name mod_r* | grep -v mod_rewrite.so
-bash-2.05b#

it will email an alert to a particular email.

Please advise.

format is basically..

1)

if
entry exists
do
email alert

2)

if
file exists
do
email alert

Thanks

Are you really looking for an intrusion detection system?

IDS is fine too.. but I want an advice on that script too.

Do a search on this site, there are plenty of examples of people sending emails using scripts.

... ty.. I think I got lazy