find ./ -user apache | egrep htaccess find ./ -user apache |egrep -v ".jpg"|egrep -v ".JPG"|egrep -v ".pdf"|egrep -v ".gif" |egrep -v ".png" > youbuy.jp.txt find ./ -user apache |mail -s "apache files" metehan.ozcan@technopian.com /home/sites/www.whatislife.jp/htdocs/tmp ll default2.php -rw-r--r-- 1 apache apache 21888 Apr 6 09:15 default2.php /home/sites/fis.e-school.jp/htdocs/include/ ll default2.php -rw-r--r-- 1 apache apache 21888 Apr 16 01:57 default2.php /home/sites/www.youbuy.jp/htdocs/images/ ll default2.php -rw-r--r-- 1 apache apache 21888 Apr 6 09:02 default2.php [/var/log/httpd/biokura.e-school.jp] ls -ltr -rw-rw-r-- 1 development development 144 Apr 5 00:02 error_log.18.gz -rw-rw-r-- 1 development development 144 Apr 6 00:02 error_log.17.gz -rw-rw-r-- 1 development development 8673 Apr 6 00:02 access_log.17.gz -rw-rw-r-- 1 development development 144 Apr 8 00:02 error_log.16.gz -rw-rw-r-- 1 development development 9779 Apr 8 00:02 access_log.16.gz -rw-rw-r-- 1 development development 144 Apr 9 00:02 error_log.15.gz -rw-rw-r-- 1 development development 1815 Apr 9 00:02 access_log.15.gz find ./ -user apache |egrep -v ".jpg"|egrep -v ".jpeg"|egrep -v ".JPG"|egrep -v ".pdf"|egrep -v ".gif"|egrep -v ".png"|egrep -v ".css"|egrep -v ".doc"|egrep -v ".tpl"|egrep -v ".xls"|egrep -v ".ppt"|egrep -v ".js"|egrep -v "Permission denied"| less find ./ -user apache |egrep -v ".jpg"|egrep -v ".jpeg"|egrep -v ".JPG"|egrep -v ".pdf"|egrep -v ".gif"|egrep -v ".png"|egrep -v ".css"|egrep -v ".doc"|egrep -v ".tpl"|egrep -v ".xls"|egrep -v ".ppt"|egrep -v ".js"|egrep -v ".log"|egrep -v "Permission denied" > system_check.txt find ./ -user apache |egrep -v ".jpg"|egrep -v ".jpeg"|egrep -v ".JPG"|egrep -v ".pdf"|egrep -v ".gif"|egrep -v ".png"|egrep -v ".css"|egrep -v ".doc"|egrep -v ".tpl"|egrep -v ".xls"|egrep -v ".ppt"|egrep -v ".js"|egrep -v ".log"|egrep -v "Permission denied" | mail -s "apache files" metehan.ozcan@technopian.com 20 21 * * * cd /home/sites/; ./scripts/check_file; -- content of /home/sites/scripts/check_file #! /bin/bash if [[ -s 'system_check.txt' ]] ; then cat 'system_check.txt' | mail -s "apache files HP server" yahyaaydin@softbank.ne.jp metehan1970@softbank.ne.jp else echo "file is empty." fi ; -- end of content of /home/sites/scripts/check_file -- addition into crontab file 05 0 * * * cd /home/sites/; find ./ -user apache |egrep -v ".jpg"|egrep -v ".jpeg"|egrep -v ".JPG"|egrep -v ".pdf"|egrep -v ".gif"|egrep -v ".png"|egrep -v ".css"|egrep -v ".doc"|egrep -v ".tpl"|egrep -v ".xls"|egrep -v ".ppt"|egrep -v ".js"|egrep -v ".log"|egrep -v "Permission denied" > system_check.txt; 45 0 * * * cd /home/sites/; ./scripts/check_file; -- checking log files ●ご確認ください ・以下コマンドを sudo 経由で実行することで、root権限での実行が可能です /bin/cat /usr/bin/grep /usr/bin/less /usr/bin/view /bin/ls /bin/zcat #追加いたしました /usr/bin/zgrep #追加いたしました ex) [development] $ sudo zcat /var/log/httpd/www.youbuy.jp/access_log.4.gz | less ・Tabキーでの補完が効きませんので sudo ls との併用でフルパスを確認/指定しながらご利用ください -- logs on 2011-05-12 around noon time 12:10 -- it seems that /admin/banner_manager.php is the cause and /images/image.php is uploaded after that 93.190.142.49 - - [12/May/2011:12:10:04 +0900] "POST /admin/file_manager.php/login.php?action=save HTTP/1.1" 404 230 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)" 93.190.142.49 - - [12/May/2011:12:10:05 +0900] "GET /cookie_setup.php?cookie=1 HTTP/1.1" 404 214 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)" 93.190.142.49 - - [12/May/2011:12:10:09 +0900] "POST /admin/define_language.php/login.php?filename=cookie_usage.php&action=save&language=english HTTP/1.1" 404 233 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)" 93.190.142.49 - - [12/May/2011:12:10:10 +0900] "GET /cookie_usage.php?language=english&cookie=1 HTTP/1.1" 200 21381 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)" 93.190.142.49 - - [12/May/2011:12:10:12 +0900] "POST /admin/categories.php/login.php?action=new_product_preview HTTP/1.1" 200 - "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)" 93.190.142.49 - - [12/May/2011:12:10:14 +0900] "GET /images/image.php?cookie=1 HTTP/1.1" 404 214 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)" 93.190.142.49 - - [12/May/2011:12:10:18 +0900] "POST /admin/banner_manager.php/login.php?action=insert HTTP/1.1" 200 19088 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)" 93.190.142.49 - - [12/May/2011:12:10:21 +0900] "GET /images/image.php?cookie=1 HTTP/1.1" 200 8 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)" 93.190.142.49 - - [12/May/2011:12:10:04 +0900] "POST /admin/file_manager.php/login.php?action=save HTTP/1.1" 404 230 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)" 93.190.142.49 - - [12/May/2011:12:10:09 +0900] "POST /admin/define_language.php/login.php?filename=cookie_usage.php&action=save&language=english HTTP/1.1" 404 233 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)" 93.190.142.49 - - [12/May/2011:12:10:12 +0900] "POST /admin/categories.php/login.php?action=new_product_preview HTTP/1.1" 200 - "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)" 93.190.142.49 - - [12/May/2011:12:10:18 +0900] "POST /admin/banner_manager.php/login.php?action=insert HTTP/1.1" 200 19088 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)"