Bradford Morgan White
113 lines
4.1 KiB
Bash
113 lines
4.1 KiB
Bash
##############
|
|
# WPM VERIFY #
|
|
##############
|
|
|
|
function verify() {
|
|
POSIT=();
|
|
while [[ $# -gt 0 ]]; do
|
|
KEY="$1"
|
|
case $KEY in
|
|
-s|--scan) SCAN="yes" ;;
|
|
-m|--md5) HASH="yes" ;;
|
|
-b|--backup) BACKUP="yes" ;;
|
|
-r|--replace) REPLACE="yes" ;;
|
|
-p|--path) DESTDIR="$2" ; shift ;;
|
|
*) echo "$1 not implemented" ; POSIT+=("$1") ;;
|
|
esac
|
|
shift
|
|
done
|
|
set -- "${POSIT[@]}";
|
|
|
|
SCAN="${SCAN:-no}"
|
|
HASH="${HASH:-no}"
|
|
BACKUP="${BACKUP:-no}"
|
|
REPLACE="${REPLACE:-no}"
|
|
DESTDIR="${DESTDIR:-`pwd`}"
|
|
local DATETIME=`date +%Y%m%d.%H%M`
|
|
|
|
[ -d $DESTDIR ] || echo "directory $DIR does not exist"
|
|
[ -d $DESTDIR ] || exit 1
|
|
cd $DESTDIR
|
|
|
|
[ -f wp-config.php ] || echo "this isn't a wordpress installation"
|
|
[ -f wp-config.php ] || exit 1
|
|
|
|
echo "==WPM VERIFY CALLED ON $DATETIME WITH VERSION $WPMVERSION==" | tee -a $LOGFILE
|
|
echo "==UNIQUE IDENTIFIER $INSTANCEID==" | tee -a $LOGFILE
|
|
|
|
echo "==$INSTANCEID==Executing verify on $DESTDIR" | tee -a $LOGFILE
|
|
|
|
if [ "$BACKUP" == "yes" ]; then
|
|
backup -p $DESTDIR -s
|
|
fi
|
|
|
|
##################
|
|
# MD5 COMPARISON #
|
|
##################
|
|
if [ "$HASH" == "yes" ]; then
|
|
# FIRST, GET THE LOCALLY INSTALLED VERSION
|
|
local VERSION=`grep '$wp_version =' $DESTDIR/wp-includes/version.php | cut -f 2 -d '=' | cut -f 2 -d "'"`
|
|
[ -z $VERSION ] && echo "Could not determine the WP version"
|
|
[ -z $VERSION ] && exit 1
|
|
|
|
echo "==$INSTANCEID==Hash called on WP version $VERSION" | tee -a $LOGFILE
|
|
|
|
# MAKE OUR DIRECTORY FOR WORK
|
|
try mkdir -p $TEMPDIR/verify/$VERSION
|
|
|
|
# GET THE VERSION FROM WP
|
|
try wget -O $TEMPDIR/verify/wordpress.$VERSION.tgz https://wordpress.org/wordpress-$VERSION.tar.gz --no-check-certificate &> /dev/null
|
|
echo "==$INSTANCEID==Successfully got $TEMPDIR/verify/wordpress.$VERSION.tgz" | tee -a $LOGFILE
|
|
|
|
# LET'S EXTRACT IT
|
|
try tar -xzf $TEMPDIR/verify/wordpress.$VERSION.tgz -C $TEMPDIR/verify/$VERSION/
|
|
|
|
# MD5 THE VERSION FROM WP
|
|
find $TEMPDIR/verify/$VERSION/wordpress/ -type f -exec md5sum {} \; > $TEMPDIR/verify/$VERSION/record.lst
|
|
|
|
# MD5 THE VERSION CURRENTLY INSTALLED
|
|
find . -type f -exec md5sum {} \; > $TEMPDIR/verify/$VERSION/installed.lst
|
|
|
|
while read LINE; do
|
|
RECORD_FIELD_1=`echo $line | cut -f 1 -d ' '`
|
|
RECORD_FIELD_2=`echo $line | cut -f 2 -d ' '`
|
|
WP_FILE=`echo $RECORD_FIELD_2 | rev | cut -d '/' -f 1 | rev`
|
|
INSTALLED_FIELD_1=`grep "$WP_FILE" $TEMPDIR/verify/$VERSION/installed.lst | cut -f 1 -d ' '`
|
|
INSTALLED_FIELD_2=`grep "$WP_FILE" $TEMPDIR/verify/$VERSION/installed.lst | cut -f 2 -d ' '`
|
|
if [ "$RECORD_FIELD_1" != "$INSTALLED_FIELD_1" ]; then
|
|
echo "==$INSTANCEID==$WP_FILE DIFFERENCE DETECTED!" | tee -a $LOGFILE
|
|
echo "==$INSTANCEID==DEBUG OUTPUT: record $RECORD_FIELD_2; installed $INSTALLED_FIELD_2" | tee -a $LOGFILE
|
|
echo "==$INSTANCEID==DEBUG OUTPUT: md5 record $RECORD_FIELD_1; md5 installed $INSTALLED_FIELD_1" | tee -a $LOGFILE
|
|
if [ "$REPLACE" == "yes" ] && [[ ! "${INSTALLED_FIELD_2}" != *"wp-config.php"* ]]; then
|
|
try cp $RECORD_FIELD_2 ./$INSTALLED_FIELD_2
|
|
echo "==$INSTANCEID==$RECORD_FIELD_2 replaced $INSTALLED_FIELD_2" | tee -a $LOGFILE
|
|
fi
|
|
fi
|
|
done <$TEMPDIR/verify/$VERSION/record.lst
|
|
rm -rf $TEMPDIR/verify/$VERSION
|
|
fi # END IF HASH
|
|
|
|
##################
|
|
# VIRUS SCANNING #
|
|
##################
|
|
if [ "$SCAN" == "yes" ]; then
|
|
if maldet 1>/dev/null; then
|
|
try maldet -u
|
|
echo "==$INSTANCEID==Maldet DB updated" | tee -a $LOGFILE
|
|
if [ "$REPLACE" == "yes" ]; then
|
|
maldet --config-option scan_clamscan=1,quarantine_hits=1
|
|
echo "==$INSTANCEID==Maldet config with quarantine" | tee -a $LOGFILE
|
|
else
|
|
maldet --config-option scan_clamscan=1,quarantine_hits=0
|
|
echo "==$INSTANCEID==Maldet config without quarantine" | tee -a $LOGFILE
|
|
fi # END IF REPLACE
|
|
maldet -a $DESTDIR
|
|
echo "==$INSTANCEID==Maldet run on $DESTDIR" | tee -a $LOGFILE
|
|
else
|
|
echo "==$INSTANCEID==Maldet could not run, because not installed" | tee -a $LOGFILE
|
|
fi # END IF MALDET
|
|
fi # END IF SCAN
|
|
|
|
echo "==$INSTANCEID==Verify complete at `date +%Y%m%d.%H%M`" | tee -a $LOGFILE
|
|
}
|