
#!/bin/bash

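# The report collects account names, listening services and matched source
# lines from the web root, so any file this script creates is owner-only.
umask 077

# Timestamped report path and the web root that the file checks inspect.
REPORT="/root/server_security_audit_$(date +%F_%H-%M).log"
WEBROOT="/var/www"

# The report lives under /root, so a non-root run cannot write it. Warn on
# stderr instead of exiting, so the on-screen output is still produced.
if [[ ${EUID} -ne 0 ]]; then
  printf '%s\n' "warning: not running as root; the report under /root cannot be written and some checks may be incomplete" >&2
fi

# Report banner, shown on the terminal and appended to the report.
{
  printf '%s\n' "=============================================="
  printf '%s\n' " SERVER SECURITY AUDIT REPORT"
  printf ' Generated on: %s\n' "$(date)"
  printf '%s\n' "=============================================="
  printf '\n'
} | tee -a "$REPORT"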

# -------------------------------
# SYSTEM INFO
# -------------------------------
# Kernel and distribution identification.
{
  printf '%s\n' "[+] SYSTEM INFORMATION"
  uname -a
  # stderr is discarded, so a host without lsb_release contributes nothing here.
  lsb_release -a 2>/dev/null
  printf '\n'
} | tee -a "$REPORT"

# -------------------------------
# DISK USAGE
# -------------------------------
# Mounted filesystems with human-readable sizes.
{
  printf '%s\n' "[+] DISK USAGE"
  df -h
  printf '\n'
} | tee -a "$REPORT"

# -------------------------------
# LOGGED IN USERS
# -------------------------------
# Sessions open at the moment the audit runs.
{
  printf '%s\n' "[+] LOGGED IN USERS"
  who
  printf '\n'
} | tee -a "$REPORT"

# -------------------------------
# USER ACCOUNTS
# -------------------------------
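# Local accounts from /etc/passwd: names with UID >= 1000, followed by a
# warning for every account other than root that carries UID 0.
{
  printf '%s\n' "[+] USER ACCOUNTS (UID < 1000 excluded)"
  awk -F: '$3 >= 1000 {print $1}' /etc/passwd
  # The UID filter above cannot show a second UID-0 account, which has full
  # root privileges under another name, so it is reported explicitly.
  awk -F: '$3 == 0 && $1 != "root" {print "WARNING: non-root account with UID 0: " $1}' /etc/passwd
  printf '\n'
} | tee -a "$REPORT"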

# -------------------------------
# SSH CONFIG CHECK
# -------------------------------
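# SSH daemon settings relevant to remote access: root login, password
# authentication and the user allow-list.
{
  printf '%s\n' "[+] SSH SECURITY SETTINGS"
  # Raw matches carry file name and line number so that commented-out lines
  # (starting with '#') are not mistaken for active settings. Drop-in files
  # are searched too, since they can override the main file; -s keeps grep
  # quiet when the drop-in directory or glob matches nothing.
  grep -EiHn -s "PermitRootLogin|PasswordAuthentication|AllowUsers" \
    /etc/ssh/sshd_config /etc/ssh/sshd_config.d/*.conf
  # sshd -T prints the configuration the daemon would actually apply,
  # including defaults that no file spells out. It needs root; on failure
  # only the heading is written.
  if command -v sshd >/dev/null 2>&1; then
    printf '%s\n' "--- effective values (sshd -T) ---"
    sshd -T 2>/dev/null \
      | grep -Ei '^(permitrootlogin|passwordauthentication|allowusers)[[:space:]]'
  fi
  printf '\n'
} | tee -a "$REPORT"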

# -------------------------------
# CRON JOBS
# -------------------------------
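# Scheduled jobs: per-user crontabs plus the system cron directories.
{
  printf '%s\n' "[+] CRON JOBS (ROOT + USERS)"
  if [[ ${EUID} -eq 0 ]]; then
    # A bare `crontab -l` shows only the invoking user's table. Walk every
    # account in /etc/passwd so the section matches its heading; accounts
    # without a crontab are skipped.
    while IFS=: read -r cron_user _; do
      cron_table=$(crontab -l -u "$cron_user" 2>/dev/null) || continue
      printf '%s\n' "--- crontab for ${cron_user} ---" "$cron_table"
    done < /etc/passwd
  else
    # Without root only the caller's own crontab is readable.
    crontab -l 2>/dev/null
  fi
  # Glob left unquoted on purpose: lists /etc/crontab and the /etc/cron.* dirs.
  ls -la /etc/cron*
  printf '\n'
} | tee -a "$REPORT"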

# -------------------------------
# RUNNING SERVICES
# -------------------------------
# systemd service units currently in the running state.
{
  printf '%s\n' "[+] RUNNING SERVICES"
  systemctl list-units --type=service --state=running
  printf '\n'
} | tee -a "$REPORT"

# -------------------------------
# SUSPICIOUS FILE EXTENSIONS
# -------------------------------
# Files under the web root whose names end in one of the listed PHP-related
# extensions (case-insensitive). Only the name is tested, not the content.
{
  printf '%s\n' "[+] SUSPICIOUS FILES IN WEB ROOT"
  find "$WEBROOT" -type f \
    \( -iname "*.php7" -o -iname "*.php8" -o -iname "*.phtml" \
       -o -iname "*.php~" -o -iname "*.phar" \) 2>/dev/null
  printf '\n'
} | tee -a "$REPORT"

# -------------------------------
# MALWARE PATTERNS
# -------------------------------
# Recursive search of the web root for calls often seen in PHP web shells.
# A hit is a lead to triage, not a verdict: the same function names can
# appear in legitimate code, and a file that contains none of them is not
# thereby shown to be clean.
{
  printf '%s\n' "[+] MALWARE SIGNATURE SCAN (eval, base64, shell_exec)"
  grep -R -n --color=never \
    -E "eval\(|base64_decode|shell_exec|passthru|system\(" \
    "$WEBROOT" 2>/dev/null
  printf '\n'
} | tee -a "$REPORT"

# -------------------------------
# EXECUTABLE FILES IN WEB ROOT
# -------------------------------
# Regular files under the web root that the invoking user could execute
# (find's -executable test is evaluated for the user running the audit).
{
  printf '%s\n' "[+] EXECUTABLE FILES IN WEB ROOT"
  find "$WEBROOT" -type f -executable 2>/dev/null
  printf '\n'
} | tee -a "$REPORT"

# -------------------------------
# WORLD-WRITABLE FILES
# -------------------------------
# Regular files under the web root with the other-write bit set. -perm -o+w
# matches any mode carrying that bit, not only 777 and 666, and -type f
# means world-writable directories are not listed here.
{
  printf '%s\n' "[+] WORLD-WRITABLE FILES (777 / 666)"
  find "$WEBROOT" -type f -perm -o+w 2>/dev/null
  printf '\n'
} | tee -a "$REPORT"

# -------------------------------
# PRIVILEGE ESCALATION ARTIFACTS
# -------------------------------
# Whole-filesystem search for three file names. A hit needs triage by path:
# pkexec is also the name of the regular polkit binary, and gconv-modules is
# also the name of a standard glibc configuration file, so the system copies
# are expected to appear in this list.
{
  printf '%s\n' "[+] POSSIBLE PRIVILEGE ESCALATION FILES"
  find / -type f \
    \( -name "pkexec" -o -name "pwnkit" -o -name "gconv-modules" \) \
    2>/dev/null
  printf '\n'
} | tee -a "$REPORT"

# -------------------------------
# NETWORK PORTS
# -------------------------------
# Listening TCP and UDP sockets, numeric addresses, with owning process.
# Process details for sockets owned by other users need root.
{
  printf '%s\n' "[+] OPEN NETWORK PORTS"
  ss -t -u -l -n -p
  printf '\n'
} | tee -a "$REPORT"

# -------------------------------
# FIREWALL STATUS
# -------------------------------
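# Host firewall state as reported by ufw.
{
  printf '%s\n' "[+] FIREWALL STATUS"
  if command -v ufw >/dev/null 2>&1; then
    ufw status verbose 2>/dev/null
  else
    # An empty section would read like "nothing to report"; say explicitly
    # that the tool is absent so the gap is visible in the report.
    printf '%s\n' "ufw not found - firewall state was not checked by this section"
  fi
  printf '\n'
} | tee -a "$REPORT"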

# -------------------------------
# FAIL2BAN STATUS
# -------------------------------
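# fail2ban jail overview.
{
  printf '%s\n' "[+] FAIL2BAN STATUS"
  if command -v fail2ban-client >/dev/null 2>&1; then
    fail2ban-client status 2>/dev/null
  else
    # Make a missing tool visible instead of leaving the section blank.
    printf '%s\n' "fail2ban-client not found - fail2ban state was not checked by this section"
  fi
  printf '\n'
} | tee -a "$REPORT"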

# -------------------------------
# -------------------------------
# SUMMARY
# -------------------------------
# Closing banner with the report location, then a fixed success status:
# the exit code does not reflect whether any individual check failed.
{
  printf '%s\n' "=============================================="
  printf '%s\n' " AUDIT COMPLETE"
  printf ' Report saved to: %s\n' "$REPORT"
  printf '%s\n' "=============================================="
} | tee -a "$REPORT"

exit 0
