To get a complete listing of all the files in your site, you can use this command line with exactly this capitalization:
ls -1aFlqR
1 = one entry per line
a = all files (including hidden)
F = show file type
l = long form -- the whole kit and caboodle
q = show filenames with nonprintable characters
R = recursively list all directories below this one
I opted to use the default sort order for the ls command, and NOT sort by last-modified timestamp, because if you're going to compare TWO of these listings, you want the files listed in the exact same order.
Agreed. Don't sort the listing by time -- let it come out in alphabetical order.
ls -t = sort by timestamp
ls -r = reverse order (descending instead of ascending order)
Now that I have the file listing I need, I don't plan to run this cron job at any specified interval such as to discover a hack. I figure the fact that a hack has taken place will be obvious enough that one doesn't need to hunt for it. This listing is only for identifying suspicious files to examine after you know a hack has occurred.
I disagree. There have been many reports of hacked pages and scripts which don't reveal themselves in obvious manners. Someone may be using your site and account to spam, or put in lots of invisible links to porn sites to boost their Google rankings. Even if nothing odd seems to be happening, it's best to review your site on a regular basis.
Here are some sample output lines:
drwx--x--x 497 root root 12288 Feb 5 00:06 ../
drwxrwx--- 3 UserID mail 4096 Feb 3 11:20 mail/
drwxr-x--- 3 UserID UserID 4096 Jan 6 2006 public_ftp/
drwxr-x--- 33 UserID nobody 4096 Feb 5 20:51 public_html/
The first character is the file type, "-" for file, "d" for directory, "l" for link. The remaining 9 characters are the permissions levels.
rwx are read, write, and execute permission.
- means this group does not have this particular permission.
The three groups are owner (your) permissions, your group's permissions, and world (everyone else's) permissions. Sometimes referred to as user, group, and other.
I don't know what the 2nd column is.
The number of internal hard links to this file or directory. This listing appears to be at the level /home/<account name>/, so .. is /home and that's going to have links to it from every account on this system (several hundred) plus any other stuff under /home. A directory will have a hard link from every file and directory directly under it.
The 3rd and 4th columns must have to do with who created the file or who owns it or who last modified it?
The owner ID and the group ID of the directory or file.
The next column is the file size, then the month and day. The next column will be a misery for a database import: it's the last-modified timestamp unless it's old, in which case it's the year!
Good point. At some point (6 months?) the date/time stamp format changes over to lose the time and gain the year. Incidentally, this timestamp is by default the time the directory or file was last modified.
ls -u = display last access timestamp.
The last column is the file name, followed by a "/" if it's a directory rather than a file.
The -F flag tells ls to add / for directories, * for executables, and maybe other stuff (@ for soft links?). Omit the -F flag to get just the name.
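The comparison of two listings discussed above, as an added example that is not part of the original thread: it parses the recursive long-format output, strips the -F indicator, and treats a timestamp that has aged from HH:MM to a year as unchanged when month and day still match. The function names (parse_listing, same_stamp, compare) are hypothetical and the two sample listings are constructed.

```python
import re

# One long-format entry: mode, links, owner, group, size, month, day, time-or-year, name
ENTRY = re.compile(
    r"^(?P<mode>[-dlbcps][-rwxsStT]{9})\S*\s+\d+\s+(?P<owner>\S+)\s+(?P<group>\S+)\s+"
    r"(?P<size>\d+)\s+(?P<mon>[A-Z][a-z]{2})\s+(?P<day>\d{1,2})\s+"
    r"(?P<when>\d{1,2}:\d{2}|\d{4})\s(?P<name>.+)$")

def parse_listing(text):
    """Map path -> (mode, owner, group, size, stamp) for every entry in the listing."""
    entries, cwd = {}, "."
    for line in text.splitlines():
        m = ENTRY.match(line)
        if not m:
            if line.endswith(":"):
                cwd = line[:-1]              # "./public_html:" header printed by -R
            continue                         # also skips blank and "total N" lines
        name = m["name"].split(" -> ")[0] if m["mode"][0] == "l" else m["name"]
        if name[-1] in "/*@=|":
            name = name[:-1]                 # drop the -F type indicator
        if name not in (".", ".."):
            stamp = (m["mon"], int(m["day"]), m["when"])
            entries[cwd + "/" + name] = (m["mode"], m["owner"], m["group"], int(m["size"]), stamp)
    return entries

def same_stamp(a, b):
    """A stamp showing HH:MM and one showing a year agree if month and day match."""
    return a == b if (":" in a[2]) == (":" in b[2]) else a[:2] == b[:2]

def compare(old_text, new_text):
    """Return (added, removed, changed) path lists between two listings."""
    old, new = parse_listing(old_text), parse_listing(new_text)
    changed = sorted(p for p in old.keys() & new.keys()
                     if old[p][:4] != new[p][:4] or not same_stamp(old[p][4], new[p][4]))
    return sorted(new.keys() - old.keys()), sorted(old.keys() - new.keys()), changed

# Constructed sample listings (not taken from a real site)
OLD = """./public_html:
total 8
-rw-r--r-- 1 UserID UserID 1520 Sep 12 14:02 index.html
-rwxr-xr-x 1 UserID UserID  310 Jan  6  2006 form.cgi*
"""
NEW = """./public_html:
total 12
-rw-r--r-- 1 UserID nobody   88 Mar 20 03:14 .htaccess
-rw-r--r-- 1 UserID UserID 1520 Sep 12  2006 index.html
-rwxr-xr-x 1 UserID UserID  904 Mar 20 03:14 form.cgi*
"""
```

Calling compare(OLD, NEW) reports .htaccess as added and form.cgi as changed, while index.html is not flagged even though its timestamp column switched from a time to a year.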