Exploit Scanner as cron job

By zaba - October 15, 2013 - edited: October 15, 2013

Hi I have the multi licence version of exploit scanner.

I want to run this as a cron job on my vps to scan all of my sites daily at a specific time and email the report back to me. Is this something that it is capable of doing or at least setting up to do?

also maldet is picking xs.php as a virus and quarantining it.

http://www.rfxn.com/projects/linux-malware-detect/

By jenolan - October 15, 2013

Create a file in your bin directory called xs, chmod 700 so that it is executable with the contents (changed as required)

#!/bin/bash
php xs.php -p /mySite/Path -l /myLog/Path/xs.log
mail -s "Exploit scan for mySite" myEmail@example.com </myLog/Path/xs.log
rm /myLog/Path/xs.log

From cron

*/30 * * * * php /home/myuser/bin/xs  > /dev/null 2>&1

Will run every 30 minutes, you could change the input path to be a variable to run for each site and all sorts of swanky stuff

---



Peace and Long Life

By ross - October 17, 2013

Hi zaba

Thanks for posting!

I think Larry has you on the right track here. Can you give his idea a go and report back the result? Thanks!

-----------------------------------------------------------
Cheers,
Ross Fairbairn - Consulting
consulting@interactivetools.com

Hire me! Save time by getting our experts to help with your project.
Template changes, advanced features, full integration, whatever you
need. Whether you need one hour or fifty, get it done fast with
Priority Consulting: http://www.interactivetools.com/consulting/

By zaba - October 17, 2013

Hi, sorry for not responding, really appreciate your response Larry, suddenly got very busy and didn't have chance to try it yet. But I intend to give it a spin over the next few days. I'll definitely post back, and I really appreciate you taking the time to post a solution.

By zaba - October 25, 2013

Hi, 

I have finally got round to trying to sort this out.

Sorry I'm no unix bod. Heres what Im trying to do, all my websites are on my server in the directory located at  /var/www/vhosts

I have put xs.php in this directory (hoping that I can scan all the directories for all my sites)

heres the xs file I have created and put in my /bin directory.

#!/bin/bash
php xs.php -p /var/www/vhosts -l /var/log/xs.log
mail -s "Exploit scan for mySite" me@myemail.com </var/log/xs.log
rm /var/log/xs.log

can  I ssh to test this before setting up a cron and if so what should I type in to terminal after I have established the connection?

also may need some help with setting up the cron as using the latest plesk, heres a grab of the cp I want to schedule it to run every morning at 4:am

could you take a look at the grab and tell me what I need to fill in the blanks.

Sorry for being a pain.. and really be greatfull if you could help some more

By jenolan - October 25, 2013

php xs.php -p /var/www/vhosts -l /var/log/xs.log

Needs to be

php /var/www/vhosts/xs.php -p /var/www/vhosts -l /var/log/xs.log

To run from ssh

php /var/www/vhosts/xs.php -p /var/www/vhosts 

The cron thingy minute 0, hour 4, DOM *, Month *, DOW *, command

/home/myuser/bin/xs  > /dev/null 2>&1

Please note that you need to put a valid email in to replace 'me@myemail.com'

---



Peace and Long Life

By zaba - October 26, 2013

Hey, thanks for that, just run the script via ssh after making those corrections, works perfectly. Gonna set up the cron job now.

I must say that I have utmost respect for people answering in these forums and parting with your knowledge and experience. I am sure I speak for many people in this forum. So thank you!!

and also thanks to IT for providing the best cms known to man. It really does give you the freedom to do what you want without constraints.

Cheers Chris. (zaba)

By zaba - October 29, 2013

Hi,

I have set up the cron job but getting the error:

/bin/sh:  /dev/null 2: No such file or directory

mailed back to me

this is using below as the command

/bin/xs  > /dev/null 2>&1

what does the >/dev/null 2>&1 mean exactly and what directory does it need to be for it to work.

Sorry its all a bit confusing.

(the xs script is in the /bin directory) the xs.php is in the /var/www/vhosts directory

By jenolan - October 29, 2013

/dev/null is the standard place on a linux server to send output you want to trash, it is a unbuntu, red hat etc?

You might not have permission to access the /dev directory or something? Best ask your hosting provider.

---



Peace and Long Life