Best program for monitoring /

[KirstyScott]

Can anyone tell me if theres a free program that monitors your /home/ folder to make sure no new files are being created there (by a hacker), and if so could anyone recommend one for meh that's easy to install and use?

 

Thanks 

[KirstyScott]

No-one know any?

[bdmovies]

I'm not sure of any. However, you could probably whip something up pretty quickly. If the site is small, you could in theory create a white-list array and then scan the directory and if a non-whitelisted file exists send an email or just delete the file etc etc. You could probably build a CRON for that (To be honest, I've never dealt with CRON, but I know it does time based stuff).

[corbin]

Errr....  Wouldn't it be easier to just be fairly certain that a hacker can't write to your /home/ dir?

[KirstyScott]

Errr....  Wouldn't it be easier to just be fairly certain that a hacker can't write to your /home/ dir?

 

What are the steps on doing that?

[corbin]

Well, you have to think about it logically.  Any access point you have could be potentially compromised.  For example, any script that uploads files could be a potential hazard unless the security is correct on it.

 

 

If you're on shared hosting, you need to watch out for other people.  I've seen some shared hosting where there is little protection to keep clients from each other.

 

If you're not on shared hosting, one thing you can do is make Apache run as a user with access only to the web docs.

 

That's pretty much it.  When it comes down to it, you only need to make sure the ways your server is exposed are secure.  Most of those ways will be on purpose.  I see lots of security problems in upload scripts on phpfreaks, for example.

 

 

 

 

If you don't want to go the securing route, though, or maybe you want to do both, a script really wouldn't be hard to write that would catalog files and then see if anything had changed.  You could get really paranoid you wanted and even do md5 hashes of the files (or some other kind of hash).

 

This is the basic gist of what I would do:

 

Here's the psuedo-code of what I would do:

 

-load old list of files into an array.  I would probably store them in a serialized array in a file somewhere.

-loop through the input directory, and make sure folders/files are in the old list

-recurse through any folders.

-If you ever come across a file not in the old list, email your self or something.

 

 

You could even make a safe list of folders, in case you ever wanted to make an upload script or something.  You would just have to check if the file path started with a safe path.

[Mchl]

Why not create MD5 hash of `ls` output?

[corbin]

Ooooo that's a really good idea....  Dunno why I didn't think of that ;p.

 

 

That would be much faster/easier than looping through all of the files/folders.  (Although, essentially that's what ls does.)

[KirstyScott]

 

If you're not on shared hosting, one thing you can do is make Apache run as a user with access only to the web docs.

 

 

This may sound stupid to yah but i'm quite new at php if yah can't tell already 

But how can i make Apache run as a user with access only to the web docs? steps plz 

[corbin]

Don't know the exact steps, but you would want to give the apache user read access (maybe write depending on what you want to do) to files, and then you would have apache started as that user.