Exploit Scanner as cron job

By zaba - October 15, 2013 - edited: October 15, 2013

Hi, I have the multi-licence version of Exploit Scanner.

I want to run this as a cron job on my vps to scan all of my sites daily at a specific time and email the report back to me. Is this something that it is capable of doing or at least setting up to do?

Also, maldet is picking xs.php as a virus and quarantining it.

http://www.rfxn.com/projects/linux-malware-detect/

By jenolan - October 15, 2013

Create a file in your bin directory called xs, chmod 700 so that it is executable, with the contents (changed as required):

#!/bin/bash
php xs.php -p /mySite/Path -l /myLog/Path/xs.log
mail -s "Exploit scan for mySite" myEmail@example.com </myLog/Path/xs.log
rm /myLog/Path/xs.log

From cron

*/30 * * * * /home/myuser/bin/xs > /dev/null 2>&1

Will run every 30 minutes. You could change the input path to be a variable to run for each site and all sorts of swanky stuff.

---
<?= "Jenolan(Larry) :: Coding Since 1973" ?>
Peace and Long Life

By ross - October 17, 2013

Hi zaba

Thanks for posting!

I think Larry has you on the right track here. Can you give his idea a go and report back the result? Thanks!

-----------------------------------------------------------
Cheers,
Ross Fairbairn - Consulting
consulting@interactivetools.com


By zaba - October 17, 2013

Hi, sorry for not responding. I really appreciate your response, Larry; I suddenly got very busy and didn't have a chance to try it yet. But I intend to give it a spin over the next few days. I'll definitely post back, and I really appreciate you taking the time to post a solution.

By zaba - October 25, 2013

Hi, 

I have finally got round to trying to sort this out.

Sorry, I'm no Unix bod. Here's what I'm trying to do: all my websites are on my server in the directory located at /var/www/vhosts

I have put xs.php in this directory (hoping that I can scan all the directories for all my sites).

Here's the xs file I have created and put in my /bin directory.

#!/bin/bash
php xs.php -p /var/www/vhosts -l /var/log/xs.log
mail -s "Exploit scan for mySite" me@myemail.com </var/log/xs.log
rm /var/log/xs.log

Can I ssh to test this before setting up a cron, and if so, what should I type into the terminal after I have established the connection?

Also, I may need some help with setting up the cron, as I'm using the latest Plesk. Here's a grab of the CP. I want to schedule it to run every morning at 4 am.

Could you take a look at the grab and tell me what I need to fill in the blanks?

Sorry for being a pain, and I'd be really grateful if you could help some more.

By jenolan - October 25, 2013

php xs.php -p /var/www/vhosts -l /var/log/xs.log

Needs to be

php /var/www/vhosts/xs.php -p /var/www/vhosts -l /var/log/xs.log

To run from ssh

php /var/www/vhosts/xs.php -p /var/www/vhosts 

The cron thingy minute 0, hour 4, DOM *, Month *, DOW *, command

/home/myuser/bin/xs  > /dev/null 2>&1

Please note that you need to put a valid email in to replace 'me@myemail.com'

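Following the suggestion earlier in the thread to make the scan path a variable and run per site, here is an added example (not code from the thread or from the Exploit Scanner project). It assumes one directory per site under /var/www/vhosts and that xs.php takes the -p and -l options used in the posts; the function names, MAIL_TO and the --run switch are hypothetical.

```shell
#!/bin/bash
# Added example: per-site wrapper for xs.php, meant to be started from cron.
# Cron runs with a minimal environment, so every path here is absolute.
# Cron entry for 04:00 daily (stdout and stderr both discarded):
#   0 4 * * * /home/myuser/bin/xs --run > /dev/null 2>&1
set -u

VHOSTS="${VHOSTS:-/var/www/vhosts}"          # one directory per site (assumption)
XS_PHP="${XS_PHP:-/var/www/vhosts/xs.php}"   # scanner location from the thread
MAIL_TO="${MAIL_TO:-me@example.com}"         # placeholder address

# Thin wrappers around the two external commands used in the thread.
run_scanner() { php "$XS_PHP" -p "$1" -l "$2"; }
send_report() { mail -s "$1" "$MAIL_TO" < "$2"; }

# Scan each site directory and mail one report per site.
# Sets SCANNED to the number of sites handled; returns 1 if any scan failed.
scan_all() {
    local site log count=0 failed=0
    for site in "$VHOSTS"/*/; do
        [ -d "$site" ] || continue
        site="${site%/}"
        # mktemp creates an owner-only file with an unpredictable name,
        # unlike a fixed log path that another user could pre-create.
        log="$(mktemp "${TMPDIR:-/tmp}/xs.XXXXXX")" || return 2
        if ! run_scanner "$site" "$log"; then
            # With cron output sent to /dev/null, the mail is the only
            # place a failed scan can show up, so record it there.
            echo "scanner failed for $site" >> "$log"
            failed=$((failed + 1))
        fi
        send_report "Exploit scan for ${site##*/}" "$log"
        rm -f "$log"
        count=$((count + 1))
    done
    SCANNED=$count
    return "$((failed > 0))"
}

# Only scan when started with --run, so the file can be sourced for testing.
if [ "${1:-}" = "--run" ]; then scan_all; fi
```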

By jenolan - October 27, 2013

You are quite welcome, it is nice to be in a place where people are friendly.


By zaba - October 29, 2013

Hi,

I have set up the cron job but am getting the error:

/bin/sh:  /dev/null 2: No such file or directory

mailed back to me

This is using the below as the command:

/bin/xs  > /dev/null 2>&1

What does the >/dev/null 2>&1 mean exactly, and what directory does it need to be for it to work?

Sorry, it's all a bit confusing.

(The xs script is in the /bin directory; the xs.php is in the /var/www/vhosts directory.)

By jenolan - October 29, 2013

/dev/null is the standard place on a Linux server to send output you want to trash. Is it Ubuntu, Red Hat, etc.?

You might not have permission to access the /dev directory or something? Best ask your hosting provider.
