My Note (to check there is no bad code (Code injection) in files)
check_www_bad_code.sh
#!/bin/sh
badcode_file="/tmp/badcode_result.txt"
cat /dev/null > ${badcode_file}
echo "===== [base64_decode] ======" >> ${badcode_file}
find /www/ -not -path '*/.svn/*' -type f -print0 | xargs -0 grep -Inle 'base64_decode' >> ${badcode_file}
echo "===== [eval] ======" >> ${badcode_file}
find /www/ -not -path '*/.svn/*' -type f -print0 | xargs -0 grep -Inle 'eval' >> ${badcode_file}
echo "===== [modified within three days] ======" >> ${badcode_file}
find /www/ -mtime -3d -not -path '*/.svn/*' -type f -print0 | xargs -0 grep -Inle 'eval' >> ${badcode_file}
cat ${badcode_file}
More: http://gala4th.blogspot.com/2010/08/some-drupal-scripts-got-affected-today.html
To find all files modified within the last 3 days, excluding .svn related files.
# find /www/ -mtime -3d -not -path '*/.svn/*' -type f
To find all files modified within the last 5 days:
# find /www/ -mtime -5 -print
Note: The – in front of the 5 modifies the meaning of the time as "less than five days".
Note: the trailing slash of a directory is necessary if the directory is a symbolic link (ex: /www/).
To find all files modified modified more than five days ago.
# find /www/ -mtime +5 -print
To find all files modified exactly five days ago.
# find /www/ -mtime 5 -print
Note: Without the + or -, the command would find files with a modification time of five days ago, not less or more.
Possible time units are as follows:
s second m minute (60 seconds) h hour (60 minutes) d day (24 hours) w week (7 days)
Reference:
http://www.tech-recipes.com/rx/37/find-unix-files-modified-within-a-number-of-days/
No comments:
Post a Comment