LP-MSH-Scanner/run.sh

#bin/sh!

# defines
user = $(whoami)
log_file = $user.txt

echo '[*] Fixing file and folder permissions:'; 
    # Directories
    find public_html/ -perm 0000 -follow -type d -print -exec chmod 755 {} \; >> $log_file
    find public_html/ -perm +og+w -follow -type d -print -exec chmod 755 {} \; >> $log_file
    # Files
    find public_html/ -perm 0000 -follow -type f -print -exec chmod 644 {} \; >> $log_file
    find public_html/ -perm 0400 -follow -type f -print -exec chmod 644 {} \; >> $log_file
    find public_html/ -perm 0440 -follow -type f -print -exec chmod 644 {} \; >> $log_file
    find public_html/ -perm 0444 -follow -type f -print -exec chmod 644 {} \; >> $log_file
    find public_html/ -perm 0555 -follow -type f -print -exec chmod 644 {} \; >> $log_file
    find public_html/ -perm +og+w -follow -type f -print -exec chmod 644 {} \; >> $log_file
    # Perl/CGI
    find public_html/ -perm +og+w -follow -type f -name "*.cgi" -print -exec chmod 755 {} \; >> $log_file
    find public_html/ -perm +og+w -follow -type f -name "*.pl" -print -exec chmod 755 {} \; >> $log_file

echo
echo '[*] Removing data garbage like error logs:'; 

echo >> $log_file
    find public_html/ -type f -name "error_log" -exec rm -rfv {} \; >> $log_file

echo '[*] Running the malware cleaner:';
    perl public_html/LP-MSH-Scanner/malwaresh.pl $user >> $log_file
echo >> $log_file
echo '[*] Running the Python scanner :';
    python public_html/LP-MSH-Scanner/scan.py --minscore=10 /home/$user | grep filename >> $log_file
echo >> $log_file
echo '[*] Running the CMS Version Scanner:';
    php -d memory_limit=512M public_html/LP-MSH-Scanner/cms-vss.php $user >> $log_file
echo >> $log_file
echo '[*] Running the PHP Scanner:';
    cd /home/$user/public_html/LP-MSH-Scanner && php -d memory_limit=512M scan.php >> /home/$user/$log_file
echo >> 
# SOP
# Fix .htaccess
# find /home/$(whoami)/public_html/ -type f -name ".htaccess -print -exec cat $htaccess >> {} \;
# Fix php.ini / .user.ini
# find /home/$(whoami)/public_html/ -type f -name ".user.ini" -print -exec cat $php-ini >> {} \;
# find /home/$(whoami)/public_html/ -type f -name "php.ini" -print -exec cat $php-ini >> {} \;
# Fix /tmp
# find /home/$(whoami)/public_html -type d -name "uploads" -print -exec cat $tmp >> {} \;
# Full cPanel backup
# DIRSIZE = "du -shb /home/$(whoami) | cut -f1";
#   if [[ $DIRSIZE <  5368709120 ]]; then
#   do_backup
#   fi
#
# checking for unrelated
echo '[*] Suspicious files in /tmp?';
    ls -al /tmp/ | grep $user | grep -v sess_
echo
echo '[*] Processes running:';
    ps -eo pid,user,cmd | grep $user
echo '[*] Checking for Unrelated Data'; 
echo >> $log_file
echo '[*] Directories with more than 1GB size:'; 
    du -h ./ | grep '[0-9]G\>' >> $log_file
echo >> $log_file
echo '[*] Files with more than 10M size:'; 
    find ./ -size +10000k -exec du -sh {} \; >> $log_file

    echo "Results available in: /home/$user/$log_file" | mail -s 'MSH Scan of `whoami`' mshteam@lunarpages.com 

echo '[*] Job done... removing the scanner';
    rm -rf /home/$user/public_html/LP-MSH-Scanner
new patterns, automation 2019-02-09 10:09:34 +01:00			`#bin/sh!`

rewritten variables 2019-02-09 21:03:03 +01:00			`# defines`
			`user = $(whoami)`
			`log_file = $user.txt`

tweaks 2019-02-09 10:50:46 +01:00			`echo '[*] Fixing file and folder permissions:';`
changed mailing options 2019-02-09 20:53:17 +01:00			`# Directories`
rewritten variables 2019-02-09 21:03:03 +01:00			`find public_html/ -perm 0000 -follow -type d -print -exec chmod 755 {} \; >> $log_file`
			`find public_html/ -perm +og+w -follow -type d -print -exec chmod 755 {} \; >> $log_file`
changed mailing options 2019-02-09 20:53:17 +01:00			`# Files`
rewritten variables 2019-02-09 21:03:03 +01:00			`find public_html/ -perm 0000 -follow -type f -print -exec chmod 644 {} \; >> $log_file`
			`find public_html/ -perm 0400 -follow -type f -print -exec chmod 644 {} \; >> $log_file`
			`find public_html/ -perm 0440 -follow -type f -print -exec chmod 644 {} \; >> $log_file`
			`find public_html/ -perm 0444 -follow -type f -print -exec chmod 644 {} \; >> $log_file`
			`find public_html/ -perm 0555 -follow -type f -print -exec chmod 644 {} \; >> $log_file`
			`find public_html/ -perm +og+w -follow -type f -print -exec chmod 644 {} \; >> $log_file`
new patterns, automation 2019-02-09 10:09:34 +01:00			`# Perl/CGI`
rewritten variables 2019-02-09 21:03:03 +01:00			`find public_html/ -perm +og+w -follow -type f -name "*.cgi" -print -exec chmod 755 {} \; >> $log_file`
			`find public_html/ -perm +og+w -follow -type f -name "*.pl" -print -exec chmod 755 {} \; >> $log_file`
changed mailing options 2019-02-09 20:53:17 +01:00
new patterns, automation 2019-02-09 10:09:34 +01:00			`echo`
tweaks 2019-02-09 10:50:46 +01:00			`echo '[*] Removing data garbage like error logs:';`
changed mailing options 2019-02-09 20:53:17 +01:00
rewritten variables 2019-02-09 21:03:03 +01:00			`echo >> $log_file`
			`find public_html/ -type f -name "error_log" -exec rm -rfv {} \; >> $log_file`
updated run.sh 2019-02-09 10:22:28 +01:00
tweaks 2019-02-09 10:50:46 +01:00			`echo '[*] Running the malware cleaner:';`
rewritten variables 2019-02-09 21:03:03 +01:00			`perl public_html/LP-MSH-Scanner/malwaresh.pl $user >> $log_file`
			`echo >> $log_file`
tweaks 2019-02-09 10:50:46 +01:00			`echo '[*] Running the Python scanner :';`
rewritten variables 2019-02-09 21:03:03 +01:00			`python public_html/LP-MSH-Scanner/scan.py --minscore=10 /home/$user \| grep filename >> $log_file`
			`echo >> $log_file`
tweaks 2019-02-09 10:50:46 +01:00			`echo '[*] Running the CMS Version Scanner:';`
rewritten variables 2019-02-09 21:03:03 +01:00			`php -d memory_limit=512M public_html/LP-MSH-Scanner/cms-vss.php $user >> $log_file`
			`echo >> $log_file`
tweaks 2019-02-09 10:50:46 +01:00			`echo '[*] Running the PHP Scanner:';`
rewritten variables 2019-02-09 21:03:03 +01:00			`cd /home/$user/public_html/LP-MSH-Scanner && php -d memory_limit=512M scan.php >> /home/$user/$log_file`
			`echo >>`
changed mailing options 2019-02-09 20:53:17 +01:00			`# SOP`
			`# Fix .htaccess`
			`# find /home/$(whoami)/public_html/ -type f -name ".htaccess -print -exec cat $htaccess >> {} \;`
			`# Fix php.ini / .user.ini`
			`# find /home/$(whoami)/public_html/ -type f -name ".user.ini" -print -exec cat $php-ini >> {} \;`
			`# find /home/$(whoami)/public_html/ -type f -name "php.ini" -print -exec cat $php-ini >> {} \;`
			`# Fix /tmp`
			`# find /home/$(whoami)/public_html -type d -name "uploads" -print -exec cat $tmp >> {} \;`
			`# Full cPanel backup`
			`# DIRSIZE = "du -shb /home/$(whoami) \| cut -f1";`
			`# if [[ $DIRSIZE < 5368709120 ]]; then`
			`# do_backup`
			`# fi`
			`#`
			`# checking for unrelated`
rewritten variables 2019-02-09 21:03:03 +01:00			`echo '[*] Suspicious files in /tmp?';`
			`ls -al /tmp/ \| grep $user \| grep -v sess_`
			`echo`
			`echo '[*] Processes running:';`
			`ps -eo pid,user,cmd \| grep $user`
changed mailing options 2019-02-09 20:53:17 +01:00			`echo '[*] Checking for Unrelated Data';`
rewritten variables 2019-02-09 21:03:03 +01:00			`echo >> $log_file`
changed mailing options 2019-02-09 20:53:17 +01:00			`echo '[*] Directories with more than 1GB size:';`
rewritten variables 2019-02-09 21:03:03 +01:00			`du -h ./ \| grep '[0-9]G\>' >> $log_file`
			`echo >> $log_file`
changed mailing options 2019-02-09 20:53:17 +01:00			`echo '[*] Files with more than 10M size:';`
rewritten variables 2019-02-09 21:03:03 +01:00			`find ./ -size +10000k -exec du -sh {} \; >> $log_file`
changed mailing options 2019-02-09 20:53:17 +01:00
fixed an echo 2019-02-09 21:07:16 +01:00			echo "Results available in: /home/$user/$log_file" \| mail -s 'MSH Scan of `whoami`' mshteam@lunarpages.com
changed mailing options 2019-02-09 20:53:17 +01:00
tweaks 2019-02-09 10:50:46 +01:00			`echo '[*] Job done... removing the scanner';`
rewritten variables 2019-02-09 21:03:03 +01:00			`rm -rf /home/$user/public_html/LP-MSH-Scanner`
added mailing 2019-02-09 10:29:35 +01:00