Determining whether files have been maliciously tampered with
程序员文章站
2022-07-10 08:23:13
Here we mainly use a script to determine whether a file has been modified; if it has been modified, the script raises an alert:
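#!/bin/bash
# The baseline /txt holds one line per file: "<size> <name>".
. /etc/init.d/functions

# Pass 1: compare every file currently in /test with the baseline.
numbers=$(ls /test | wc -l)
for i in $(seq 1 "$numbers")
do
    file1=$(ls /test/ | sed -n "${i}p")
    # Match the name column exactly, so that "1" does not also match "10".
    file2=$(awk -v f="$file1" '$2 == f {print $2}' /txt)
    if [ "$file1" != "$file2" ]
    then
        # Not in the baseline: the file was added.
        echo "$file1 is more add!"
    else
        # wc -L prints the length of the longest line, so /txt must hold the same measure.
        size1=$(wc -L < "/test/$file1")
        size2=$(awk -v f="$file1" '$2 == f {print $1}' /txt)
        if [ "$size1" -eq "$size2" ]
        then
            action "$file1" /bin/true
        else
            action "$file2" /bin/false
        fi
    fi
done

# Pass 2: report baseline entries that no longer exist in /test.
numbers1=$(wc -l < /txt)
for m in $(seq 1 "$numbers1")
do
    file3=$(sed -n "${m}p" /txt | awk '{print $2}')
    if [ ! -e "/test/$file3" ]
    then
        # "queshao" is pinyin for "missing".
        printf '%s is queshao!\n' "$file3"
    fi
done
## This script can only detect most tampering cases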
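Use the md5 command to back up the fingerprints of important files. When checking, compare the fingerprints: if they differ, the file has been tampered with!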
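#!/bin/bash
# /check.txt is the fingerprint backup in md5sum format: "<md5>  <file>".
. /etc/init.d/functions

# Verify once, before the loop. Errors go to /dev/null so that line i of
# /ok.txt lines up with line i of /check.txt.
md5sum -c /check.txt >/ok.txt 2>/dev/null
numbers=$(wc -l < /check.txt)
for i in $(seq 1 "$numbers")
do
    # md5sum -c prints "<file>: OK" or "<file>: FAILED".
    fu=$(awk '{print $2}' /ok.txt | sed -n "${i}p")
    file=$(awk '{print $2}' /check.txt | sed -n "${i}p")
    if [[ $fu != "OK" ]]
    then
        action "$file" /bin/false
    else
        action "$file" /bin/true
    fi
done
rm -f /ok.txt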
cat /test/1
rm -f /test/1
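The two checks above combined into one manifest check, as an added example that is not from the original page: it records one hash per file and reports modified, missing and added files, including a same-length edit that a size comparison cannot see. It uses sha256sum in place of md5sum; the function names, the MODIFIED/MISSING/ADDED labels and the demo files are assumptions made for this example.

```bash
#!/bin/bash
# Added example, not from the original page. sha256sum replaces md5sum here.
# Assumes file names without newlines or backslashes (sha256sum escapes those).

# make_baseline DIR MANIFEST: write "<hash>  ./<name>" for each regular file in DIR.
# Keep MANIFEST outside DIR, somewhere the monitored host cannot rewrite it.
make_baseline() {
    ( cd "$1" && find . -maxdepth 1 -type f -exec sha256sum {} + | sort -k2 ) > "$2"
}

# check_dir DIR MANIFEST: print one finding per line; return 1 if there is any.
check_dir() {
    [ -d "$1" ] && [ -r "$2" ] || { echo "bad directory or manifest" >&2; return 2; }
    listed=$(sed 's/^[^ ]*  //' "$2")    # names recorded in the manifest
    report=$(
        exec < "$2"                      # manifest becomes stdin before the cd
        cd "$1" || exit
        while IFS= read -r line; do
            name=${line#*  }             # strip "<hash>  "
            if [ ! -f "$name" ]; then
                echo "MISSING $name"
            elif [ "$(sha256sum "$name")" != "$line" ]; then
                echo "MODIFIED $name"    # caught even when the size is unchanged
            fi
        done
        find . -maxdepth 1 -type f | sort | while IFS= read -r name; do
            printf '%s\n' "$listed" | grep -qxF -- "$name" || echo "ADDED $name"
        done
    )
    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}

# Constructed demo in a throwaway directory: same-length edit, deletion, new file.
demo() {
    work=$(mktemp -d) && mkdir "$work/test" || return 2
    printf 'mode=0644\n' > "$work/test/app.conf"
    printf 'hello\n' > "$work/test/readme"
    make_baseline "$work/test" "$work/check.txt"
    printf 'mode=0666\n' > "$work/test/app.conf"   # same byte count and line length
    rm -f "$work/test/readme"
    printf 'new\n' > "$work/test/extra"
    rc=0; check_dir "$work/test" "$work/check.txt" || rc=$?
    rm -rf "$work"
    return "$rc"
}

if [ "${1:-}" = demo ]; then demo; fi
```

Run the script with the argument demo to print the three findings from the constructed directory.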