Created
October 29, 2021 03:41
Revisions
stephan49 created this gist
Oct 29, 2021
@@ -0,0 +1,74 @@ #!/bin/bash # Interactive script used to detect any newly added or modified files on # a WD MyBook Live NAS that may have been introduced by a malicious attacker. # This is done by comparing files on root partition to original firmware. # Set to root directory of MyBook Live root partition MBL_DIR='' # Set to root directory of original MyBook Live firmware FW_DIR='' MBL_FILES='/tmp/mbl-files.txt' FW_FILES='/tmp/fw-files.txt' NEW_FILES='/tmp/new-files.txt' DIFF_FILES='/tmp/diff-files.txt' if [ -z "$MBL_DIR" ] || [ -z "$FW_DIR" ]; then echo 'Directories of MyBook Live partition and original firmware must be set.' exit 1 fi cd "$MBL_DIR" find -type f -printf "%p\n" | sort > "$MBL_FILES" cd "$FW_DIR" find -type f -printf "%p\n" | sort > "$FW_FILES" # Find files in MBL not found in original firmware diff -u "$MBL_FILES" "$FW_FILES" | grep '^-' | sed -e 's/^-//' -e '1d' > "$NEW_FILES" read -p 'List files in MBL not found in original firmware? [Y/n] ' cont ! [[ "$cont" =~ [nN] ]] && less $NEW_FILES read -p 'View each file? [Y/n] ' cont if ! [[ "$cont" =~ [nN] ]]; then cd "$MBL_DIR" while read -r f; do less "$f"; done < "$NEW_FILES" fi # Find files that differ read -p 'Generate list of files that differ? [Y/n] ' cont if ! [[ "$cont" =~ [nN] ]]; then while read -r f; do find -path "$f" -exec diff -q "$MBL_DIR/$f" {} \; done < "$MBL_FILES" > "$DIFF_FILES" 2>&1 fi # View each diff [[ -s "$DIFF_FILES" ]] || exit 1 count=1 read -p 'View changes of files that differ? [Y/n] ' cont if ! [[ "$cont" =~ [nN] ]]; then cd "$FW_DIR" read -p 'Starting file number [default: 1] ' file_count [ -z "$file_count" ] && file_count=1 exec 3<"$DIFF_FILES" while read -r -u 3 f; do if [ "$file_count" -gt 1 ]; then ((file_count--)) ((count++)) else echo -n "File $((count++)): " echo "$f" | awk '{print $4}' read -p 'View file? 
[Y/n/q] ' cont if [[ "$cont" =~ [nN] ]]; then continue elif [[ "$cont" =~ [qQ] ]]; then break else echo "$f" | awk '{print $2 " " $4}' | xargs diff --color=always | less -R fi fi done fi
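Review bot: The "Generate list of files that differ?" loop depends on the current directory, and that directory is `$MBL_DIR` whenever the preceding "View each file?" prompt was answered yes (the default), so `find -path "$f" -exec diff -q "$MBL_DIR/$f" {} \;` compares each file on the NAS partition with itself. The result is an empty `$DIFF_FILES` and a silent `exit 1` from the `[[ -s "$DIFF_FILES" ]]` check, so on the default path through the prompts modified files are never reported. Comparing by explicit path removes the dependence on the working directory and also stops `find -path` from treating the file name as a glob pattern: `[ -f "$FW_DIR/$f" ] && diff -q "$MBL_DIR/$f" "$FW_DIR/$f"`, with both directories set to absolute paths. Separately, `find -type f` plus `diff -q` only covers the contents of regular files, so added symlinks or changed modes and ownership (for example a new setuid bit) are outside what this check reports; a header comment saying so would keep a clean result from being over-trusted.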