2011-01-06 14:04:33 +01:00
|
|
|
#!/usr/bin/env bash
|
2011-01-06 14:21:38 +01:00
|
|
|
# Author: Oliver Ladner <oli@lugh.ch>
|
|
|
|
|
# License: LGPL
|
|
|
|
|
#
|
2011-01-06 14:04:33 +01:00
|
|
|
# Checks the webroot for files being owned by www daemon and
|
|
|
|
|
# writable at the same time. This is only needed by some files
|
|
|
|
|
# so we'll check with a whitelist.
|
|
|
|
|
# Requires bash 3.2
|
|
|
|
|
|
|
|
|
|
WWWROOT=/var/www/virtsrv
|
|
|
|
|
WWWUSER=www-data
|
|
|
|
|
WHITELIST="(mpd.lugh.ch/music|\
|
|
|
|
|
mail.lugh.ch/config/conf|\
|
|
|
|
|
/turba/config/conf|\
|
|
|
|
|
admin.lugh.ch/webalizer|\
|
|
|
|
|
admin.lugh.ch/munin|\
|
|
|
|
|
oli.lugh.ch/cache|\
|
|
|
|
|
/wp-content/cache|\
|
|
|
|
|
/wp-content/w3tc/objectcache|\
|
|
|
|
|
/wp-content/w3tc/dbcache|\
|
|
|
|
|
/wp-content/w3tc/pgcache|\
|
|
|
|
|
/wp-content/uploads|\
|
|
|
|
|
/piwik/tmp|\
|
|
|
|
|
/piwik/config/config.ini.php|\
|
|
|
|
|
sitemap.xml*|\
|
|
|
|
|
telperien.lugh.ch/gaestebuch/data|\
|
|
|
|
|
telperien.lugh.ch/gaestebuch/data/book.dat
|
|
|
|
|
)"
|
|
|
|
|
listcount=0
|
|
|
|
|
whitelist_matches=0
|
|
|
|
|
|
|
|
|
|
while IFS="" read -r matchedentry; do
|
|
|
|
|
if [[ "$matchedentry" =~ $WHITELIST ]]; then
|
|
|
|
|
whitelist_matches=$((whitelist_matches+1))
|
|
|
|
|
else
|
|
|
|
|
echo -e "$matchedentry\r"
|
|
|
|
|
listcount=$((listcount+1))
|
|
|
|
|
fi
|
|
|
|
|
done < <(find "$WWWROOT" -perm /u+w -user $WWWUSER -o -perm /g+w -group $WWWUSER)
|
|
|
|
|
|
|
|
|
|
if [ $listcount -gt 0 ]; then
|
|
|
|
|
echo "Finished: $listcount items are writable by '$WWWUSER' ($whitelist_matches whitelisted)."
|
|
|
|
|
else
|
|
|
|
|
echo "No writable items found ($whitelist_matches whitelisted)."
|
|
|
|
|
fi
|
|
|
|
|
|
