-
Notifications
You must be signed in to change notification settings - Fork 25
/
tripwire.php
402 lines (309 loc) · 9.55 KB
/
tripwire.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
<?php
/*
* Tripwire
* Luke Stevenson <www.lucanos.com>
*
* This is a PHP script which will scan files within a directory (including
* sub-directories), calculate their MD5 Hashes and then compare them against
* a log of the results from the previous execution to determine any files
* which have been added, deleted or modified during that period.
*
* Within the Configuration Settings, exclusions can be set for any files/folders
* which should not be checked.
*
* For best results, this file should be triggered by a cron job at regular intervals.
* Also, be sure to add your email address to the Configuration Settings to ensure
* that you recieve the notifications.
*
*/
// Check PHP Version and Die to Error if obsolete
if( !function_exists( 'version_compare' ) || version_compare( PHP_VERSION , '5.1.0' , '<' ) ){
die( 'This script requires at least PHP v5.1.0. You are running v'.PHP_VERSION );
}
set_time_limit( 0 );
if( file_exists( 'tripwire_config.php' ) ){
# Standalone Config File (for easy upgrading of this file)
require_once( 'tripwire_config.php' );
}else{
# Default Configuration
$config = array(
// Debugging (Verbose Output)
'debug' => false ,
// File Containing the MD5 Keys
'md5file' => 'tripwire_filelist.md5' ,
// Delimited for Filelist
'delim' => '&&&' ,
'exclude' => array(
// Specific Files to Exclude from Scanning
'files' => array(
'.' ,
'..' ,
'tripwire_filelist.md5' ,
'tripwire_config.php' ,
'error_log' ,
'backup.zip' ,
'.bash_history' ,
// Apple
'.DS_Store' ,
// Version control
'.git'
) ,
// Extensions to Exclude from Scanning
'extensions' => array(
// Adobe
'afm' ,
'flv' ,
'mno' ,
'pdf' ,
'psd' ,
'swf' ,
// Images
'bmp' ,
'gif' ,
'jpeg' ,
'jpg' ,
'png' ,
// Text
'log' ,
'rdf' ,
'txt' ,
// Video
'mp4' ,
'mov' ,
'ogv' ,
'webm' ,
// Audio
'aif' ,
'mp3' ,
// Microsoft Files
'doc' ,
'docx' ,
'ppt' ,
'pptx' ,
'xls' ,
'xlsx' ,
// Compressed Files
'7z' ,
'gz' ,
'rar' ,
'sitx' ,
'tar' ,
'zip'
)
) ,
'email' => array(
'to' => array( // Email these people on changes
// '[email protected]'
) ,
'title' => '[Tripwire] Change Detected - [X] Files' , // The Email Title
'body' => "Tripwire (https://github.com/lucanos/Tripwire) has detected a number of changes:\n\n[AN] Files Added:\n[AF]\n\n[MN] Files Modified:\n[MF]\n\n[DN] Files Deleted:\n[DF]\n\n" // The Email Template
)
);
}
define( 'DEBUG' , isset( $config['debug'] ) && $config['debug'] );
function debugMsg( $msg = false ){
if( DEBUG && $msg )
echo $msg;
}
function run_tripwire( $dir=false ){
global $config, $filelist;
// If no Directory Specified, Default to the Root of the Site the script is executed under
if( !$dir )
$dir = $_SERVER['DOCUMENT_ROOT'];
// If last character is a slash, strip it off the end
if( substr( $dir , -1 )=='/' )
$dir = substr( $dir , 0 , -1 );
// If the supplied variable is not a Directory, terminate
if( !is_dir( $dir ) ){
debugMsg( "Directory '$dir' does not exist.\n" );
return false;
}
debugMsg( "Checking directory '$dir'\n" );
$temp = array();
$d = dir( $dir );
if($d)
// Loop through the files
while( false!==( $entry = $d->read() ) ){
// Full Entry (including Directory)
$entry_full = $dir.'/'.$entry;
// Debugging
debugMsg( "<tr><th align='left'>$entry_full</th>" );
// Symbolic Link - Excluded
if( @is_link( $entry ) ){
debugMsg( "<td><em>Symbolic Link</em></td></tr>\n" );
continue;
}
// Excluded File/Folder
if( $f1 = in_array( $entry , $config['exclude']['files'] )
|| in_array( $entry_full , $config['exclude']['files'] ) ){
debugMsg( "<td><em>Excluded File/Folder (".array_search( isset( $f1 ) && $f1 ? $entry : $entry_full , $config['exclude']['files'] ).")</em></td></tr>\n" );
continue;
}
// Excluded File Extension
if( in_array( pathinfo( $entry , PATHINFO_EXTENSION ) , $config['exclude']['extensions'] ) ){
debugMsg( "<td><em>Excluded File Extension (".array_search( pathinfo( $entry , PATHINFO_EXTENSION ) , $config['exclude']['extensions'] ).")</em></td></tr>\n" );
continue;
}
if( is_dir( $dir.'/'.$entry ) ){
// Recurse
debugMsg( "<td>Directory - Recursing</td></tr>\n" );
$temp = array_merge( $temp , run_tripwire( $dir.'/'.$entry ) );
}else{
$md5 = @md5_file( $dir.'/'.$entry );
debugMsg( "<td>$md5</td></tr>\n" );
if( !$md5 ){
debugMsg( "<td><strong>Unreadable. Adding to Unreadable List.</strong></td></tr>\n" );
file_put_contents( 'tripwire_unreadable.txt' , "{$dir}/{$entry} - Unreadable\n" , FILE_APPEND );
}else{
$temp[$dir.'/'.$entry] = $md5;
}
}
}
if($d) $d->close();
return $temp;
}
// In case file_put_contents does not exist
if( !function_exists( 'file_put_contents' ) ){
function file_put_contents( $filename , $data ){
$f = @fopen( $filename , 'w' );
if( !$f )
return false;
$bytes = fwrite( $f , $data );
fclose( $f );
return $bytes;
}
}
// Init the Last Check List
$last = array();
// Access the MD5 File List, if it exists
if( file_exists( $config['md5file'] ) ){
$temp = file( $config['md5file'] , FILE_SKIP_EMPTY_LINES );
// Split the MD5 File List into Filename and MD5 Hash
foreach( $temp as $line ){
list( $filename , $md5hash ) = explode( $config['delim'] , str_replace( "\n" , '' , $line ) );
$last[$filename] = $md5hash;
}
unset( $temp );
}
// Format
if( DEBUG ){
?>
<pre><?php var_dump( $config['exclude'] ); ?></pre>
<table border="1" cellpadding="2" cellspacing="0">
<thead>
<tr>
<th>File</th>
<th>Result</th>
</tr>
</thead>
<tbody>
<?php
}
// Init the This Check List
$now = run_tripwire( '.' );
if( DEBUG ){
?>
</tbody>
</table>
<?php
}
// Perform Comparisons
// New Files = Files in $now, but not in $last
$new = array_diff( array_keys( $now ) , array_keys( $last ) );
// Deleted Files = Files in $last, but not in $now
$deleted = array_diff( array_keys( $last ) , array_keys( $now ) );
// Changed Files = Files in $last and $now, but with Different MD5 Hashes
$modified = array_diff_assoc( array_intersect_key( $last , $now ) , array_intersect_key( $now , $last ) );
if( DEBUG ){
echo '<pre>';
echo "\$new\n";
var_dump( $new );
echo "\$deleted\n";
var_dump( $deleted );
echo "\$modified\n";
var_dump( $modified );
echo '</pre>';
}
if( !count( $last ) // If there was no file list
|| ( count( $new ) || count( $deleted ) || count( $modified ) ) ){ // Or a change was detected
# Update the file list
// Init an Array for Lines
$log = array();
// Compress the MD5 Hash Array into lines
foreach( $now as $k => $v )
$log[] = "{$k}{$config['delim']}{$v}";
// Write to the File List
file_put_contents( $config['md5file'] , implode( "\n" , $log ) );
}
// If there was a Filelist from the last run to compare against, and changes have occurred
# Changes Detected
// Prepare Report
if( count( $last )
&& ( count( $new ) || count( $deleted ) || count( $modified ) ) ){
# Changes Detected
// Prepare the placeholder details
$body_replacements = array(
'[AN]' => count( $new ) ,
'[AF]' => ( count( $new ) ? implode( "\n" , $new ) : 'No Files' ) ,
'[MN]' => count( $modified ) ,
'[MF]' => ( count( $modified ) ? implode( "\n" , array_keys( $modified ) ) : 'No Files' ) ,
'[DN]' => count( $deleted ) ,
'[DF]' => ( count( $deleted ) ? implode( "\n" , $deleted ) : 'No Files' ) ,
);
$title = str_replace( '[X]' , ( count( $new )+count( $deleted )+count( $modified ) ) , $config['email']['title'] );
// Send Email Flag
$sendEmail = true;
}elseif( count( $last ) ){
# No Changes Detected
// Prepare the placeholder details
$body_replacements = array(
'[AN]' => 0 ,
'[AF]' => 'No Files' ,
'[MN]' => 0 ,
'[MF]' => 'No Files' ,
'[DN]' => 0 ,
'[DF]' => 'No Files' ,
);
$title = str_replace( '[X]' , 0 , $config['email']['title'] );
// Send Email Flag
$sendEmail = false;
}else{
# First Run
// Prepare the placeholder details
$body_replacements = array(
'[AN]' => count( $new ) ,
'[AF]' => ( count( $new ) ? implode( "\n" , $new ) : 'No Files' ) ,
'[MN]' => 0 ,
'[MF]' => 'No Files' ,
'[DN]' => 0 ,
'[DF]' => 'No Files' ,
);
$title = str_replace( '[X]' , count( $new ) , $config['email']['title'] );
// Adjust the Template
$config['email']['body'] = "Tripwire has made it's first pass of your files.\n\n".$config['email']['body'];
// Send Email Flag
$sendEmail = true;
}
// Perform the Placeholder Substitutions within the Body
$body = str_replace(
array_keys( $body_replacements ) ,
$body_replacements ,
$config['email']['body']
);
if( count( $config['email']['to'] ) ){
if( $sendEmail ){
// Prepare the recipients
$to = implode( ', ' , $config['email']['to'] );
// Send it
if( mail( $to , $title , $body ) ){
echo "Email Sent Successfully\n";
}else{
echo "Email Failed\n";
}
}else{
// No Email Needed
}
}else{
// Just echo the result
echo '<pre>'.$body.'</pre>';
}