This example shows how to look for infection patterns inside all .php files in a directory tree using find and grep, called from a Nagios NRPE plugin written in Perl. You can adjust the behavior by modifying the script, as described in the Advanced section at the bottom of this post. On the host to be […]
Requires Python!
Scalp Home: https://code.google.com/p/apache-scalp/
Download Scalp: https://code.google.com/p/apache-scalp/downloads/detail?name=scalp-0.4.py
Backup Link: http://www.wyzaerd.com/scalp/scalp-0.4.py
Original (Broken) XML Rules File: https://dev.itratos.de/projects/php-ids/repository/raw/trunk/lib/IDS/default_filter.xml
Fixed XML Rules File: http://www.wyzaerd.com/scalp/default_filter.xml
To fix the XML file, replace:
(?:all|distinct|[(!@]*)?
with:
(?:all|distinct|[(!@]+)?
and:
(?i:(\%SYSTEMROOT\%))
with:
(?:(\%[sS][yY][sS][tT][eE][mM][rR][oO][oO][tT]\%))
Examples:
Perl to the Rescue! This Perl script cleans just one type of infection as an example. Vary the script to search for and clean other combinations and patterns. Also, the script is deliberately written long-hand and verbose, and could be significantly more compact and efficient. It was done this way for ease of use and […]