Re: Keyword Sanitization

On Mon, 4 Nov 2002 11:57:06 -0500
"Warren Lerner" <wdl@zai.com> wrote:

> I am searching for a software based tool or a BASH script to
> search my hard disk under the Red Hat 7.2 OS for keywords
> that are on a list I create. I then need to remove or


This is changed from some other search code I use where I require
a (configurable) amount of some group of keywords in a file before
I want it flagged for my attention.

"find2perl" is the way to start a script like this from scratch.


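#!/usr/bin/perl -w
    eval 'exec /usr/bin/perl -S $0 ${1+"$@"}'
	if 0; # running under some shell

use strict;
use File::Find ();  # replaces the perl4-era find.pl, which newer Perls no longer ship

# definitions of desired strings
#  key=<search string>,   value=<description>
#
my %controlled;
$controlled{"Einfach hier klicken"} = "German spam";
$controlled{"Wir senden Ihnen einen Link"} = "German spam";
$controlled{"href="} = "hyperlink";

# directories to scan: command-line arguments, or the whole filesystem
my @list = scalar(@ARGV) ? @ARGV : ("/");

undef $/;  # perl slurp mode

# Traverse desired filesystems
foreach my $fsystem (@list) {
    print "starting find on :$fsystem:\n";
    File::Find::find(\&wanted, $fsystem);
}

exit;

# Called for every entry found; only regular files larger than 1000 bytes
# and smaller than 50000000 bytes are scanned (symlinks are skipped by lstat).
sub wanted {
    my ($dev,$ino,$mode,$nlink,$uid,$gid);
    (($dev,$ino,$mode,$nlink,$uid,$gid) = lstat($_)) &&
    -f _ &&
    (int( -s _ ) > 1000) &&
    (int( -s _ ) < 50000000) &&
    scan_file($File::Find::name);
}

# Renamed from "exec" so it no longer shadows the Perl builtin.
sub scan_file {
    my ($name) = @_;

    # The score hash allows us to tune how much indicator we see
    # before we get warned.
    my %score;
    foreach my $scan (keys(%controlled)) {
        $score{$controlled{$scan}} = 0;
    }

    # File::Find has already chdir'ed into the file's directory, so open the
    # basename in $_. The three-argument open keeps a file name that starts
    # with '<', '>' or '|' from being treated as an open mode or a command.
    unless (open(GREP, '<', $_)) {
        print "Failed to open :$name:\n";
        return -1;
    }
    my $contents = <GREP>;
    close (GREP);
    $contents = "" unless defined $contents;

    # apply each of the search strings
    foreach my $scan (keys(%controlled)) {
        # looking for $scan in $name as a literal string, not a regex
        if (index($contents, $scan) >= 0) {
            printf( "   signs of %s in :%s:\n", $controlled{$scan}, $name);
            $score{$controlled{$scan}} ++;
        }
    }

    # one summary line per description; the file name is passed as an
    # argument so a '%' in it is never read as a printf directive
    foreach my $alarm (sort keys(%score)) {
        printf("%s seen in :%s:\n", $alarm, $name)
             if ($score{$alarm});
    }

    return 0;
}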
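
The message mentions a variant that only flags a file once a configurable amount of a keyword group has been seen. The block below is an added example of that idea and is not part of the original post; the %threshold values, the sub names and the sample inputs are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# keyword => description, same shape as %controlled in the script above
my %controlled = (
    "Einfach hier klicken"        => "German spam",
    "Wir senden Ihnen einen Link" => "German spam",
    "href="                       => "hyperlink",
);

# Assumed thresholds: minimum number of hits per description before flagging
my %threshold = ("German spam" => 2, "hyperlink" => 3);

# Count literal (non-regex) occurrences of $needle in $text
sub count_hits {
    my ($text, $needle) = @_;
    return 0 unless length $needle;   # an empty keyword would never advance
    my ($count, $pos) = (0, 0);
    while (($pos = index($text, $needle, $pos)) >= 0) {
        $count++;
        $pos += length $needle;
    }
    return $count;
}

# Return the descriptions whose summed hit count reaches their threshold;
# a description with no configured threshold is flagged on the first hit
sub flagged_categories {
    my ($text) = @_;
    my %score;
    $score{ $controlled{$_} } += count_hits($text, $_) for keys %controlled;
    return grep { $score{$_} >= ($threshold{$_} || 1) } sort keys %score;
}

# Constructed sample contents, keyed by a made-up file name
my %sample = (
    "newsletter.html" => '<a href="a">x</a> Einfach hier klicken',
    "spam.eml"        => 'Einfach hier klicken! Wir senden Ihnen einen Link. <a href="u">',
);

for my $file (sort keys %sample) {
    my @hits = flagged_categories($sample{$file});
    printf "%s: %s\n", $file, @hits ? join(", ", @hits) : "not flagged";
}
```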
