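#!/usr/bin/env bash
# Author: Oliver Ladner
# License: LGPL
#
# Checks the webroot for files being owned by www daemon and
# writable at the same time. This is only needed by some files
# so we'll check with a whitelist.
# Requires bash 3.2
#
# Why this matters: anything the web server account can write inside the
# document root is a place a compromised web application can drop or alter
# content, so every writable path should be a known, intended one.
#
# Environment (optional overrides, defaults match the original constants):
#   WWWROOT - document root to scan
#   WWWUSER - account the web daemon runs as
#
# Output: one non-whitelisted writable path per line (CR LF terminated, as
# before), followed by a one-line summary. Exit status is 0 in all cases.

set -eu
set -o pipefail

readonly WWWROOT=${WWWROOT:-/var/www/virtsrv}
readonly WWWUSER=${WWWUSER:-www-data}

# Extended regex of paths that are allowed to be writable. It is matched
# UNANCHORED against the full path, so an alternative matches wherever it
# occurs in the path, and '.' is an unescaped regex metacharacter.
# NOTE(review): that makes the whitelist broader than it looks (e.g. any path
# merely containing "/wp-content/cache" is excused) — anchor/escape the
# entries if exact matching is intended. Patterns are kept as the author wrote
# them; only stray whitespace before the closing parenthesis was removed.
readonly WHITELIST="(mpd.lugh.ch/music|\
mail.lugh.ch/config/conf|\
/turba/config/conf|\
admin.lugh.ch/webalizer|\
admin.lugh.ch/munin|\
oli.lugh.ch/cache|\
/wp-content/cache|\
/wp-content/w3tc/objectcache|\
/wp-content/w3tc/dbcache|\
/wp-content/w3tc/pgcache|\
/wp-content/uploads|\
/piwik/tmp|\
/piwik/config/config.ini.php|\
sitemap.xml*|\
telperien.lugh.ch/gaestebuch/data|\
telperien.lugh.ch/gaestebuch/data/book.dat)"

# Counters filled in by scan_webroot and read by main.
listcount=0
whitelist_matches=0

#######################################
# Whether a path is excused from the report.
# Globals:   WHITELIST (read)
# Arguments: $1 - path as produced by find
# Returns:   0 if the path matches the whitelist regex, 1 otherwise
#######################################
is_whitelisted() {
  local path=$1
  # Unquoted RHS so the variable is treated as a regex, not a literal.
  [[ "$path" =~ $WHITELIST ]]
}

#######################################
# Walk WWWROOT and print every entry writable by WWWUSER that is not
# whitelisted, one per line with a CR LF terminator.
# Globals:   WWWROOT, WWWUSER (read); listcount, whitelist_matches (written)
# Outputs:   offending paths to stdout; diagnostics to stderr
# Returns:   0
#######################################
scan_webroot() {
  local entry
  listcount=0
  whitelist_matches=0

  if [[ ! -d "$WWWROOT" ]]; then
    # A missing root would otherwise look like a clean "nothing writable" run.
    printf 'warning: WWWROOT %s is not a directory; nothing scanned\n' "$WWWROOT" >&2
  fi

  # Paths are NUL-delimited (-print0 / read -d '') so names containing
  # newlines cannot be split into bogus entries or slip past the whitelist.
  # The \( ... \) grouping is required: without it, -print0 would bind only
  # to the second -o branch and the first branch would print nothing.
  # -perm /MODE ("any of these bits set") is GNU find syntax, as in the
  # original.
  while IFS= read -r -d '' entry; do
    if is_whitelisted "$entry"; then
      whitelist_matches=$((whitelist_matches + 1))
    else
      # printf instead of 'echo -e': backslashes in a path are printed as-is
      # rather than being interpreted as escape sequences.
      printf '%s\r\n' "$entry"
      listcount=$((listcount + 1))
    fi
  done < <(find "$WWWROOT" \
    \( -perm /u+w -user "$WWWUSER" -o -perm /g+w -group "$WWWUSER" \) \
    -print0)
}

#######################################
# Entry point: run the scan and print the summary line.
# Globals:   WWWUSER, listcount, whitelist_matches (read)
#######################################
main() {
  scan_webroot
  if [[ "$listcount" -gt 0 ]]; then
    printf "Finished: %s items are writable by '%s' (%s whitelisted).\n" \
      "$listcount" "$WWWUSER" "$whitelist_matches"
  else
    printf 'No writable items found (%s whitelisted).\n' "$whitelist_matches"
  fi
}

main "$@"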