CHips L MINI SHELL

CHips L pro

Current Path : /proc/3/task/3/cwd/proc/3/root/opt/zabbix_scripts/
Upload File :
Current File : //proc/3/task/3/cwd/proc/3/root/opt/zabbix_scripts/malicious.userProcs.sh

#!/bin/bash
#########################################################################
#                                                               	#
# Plugin name:	check_slash_tmp_php_proc				#
# Description:	Plugin to check for rogue processes either running	#
#	      	in /tmp, executed with "./", or with a masked name.	#
# Author:	William Overko                                        	#
# Version:      20190801                                                #
#                                                                       #
#########################################################################


procUsers=`ps auwx | grep -vE '^root' | grep -E '[0-9]{1,4}:[0-9]{1,2}\ (\.\/|\/tmp|\/var\/tmp|perl \/tmp|(sh\ \-c){0,1}\ \.\/[a-zA-Z0-9]*|(bash|proc)|\[stealth\])' | awk '{print $1}' | sort | uniq`
procCount=`ps auwx | grep -vE '^root' | grep -E '[0-9]{1,4}:[0-9]{1,2}\ (\.\/|\/tmp|\/var\/tmp|perl \/tmp|(sh\ \-c){0,1}\ \.\/[a-zA-Z0-9]*|(bash|proc)|\[stealth\])' | awk '{print $1}' | sort | uniq | wc -l`

if [ ${procCount} -eq 0 ]
then
    echo -e "OK: No processes found."
    exit 0
elif [ ${procCount} -gt 0 ]
then
    declare userOutput='Processes running under the following usernames: '
    for user in "${procUsers[@]}"
    do
        user=`getent passwd $user | cut -d: -f1`
        userOutput="$userOutput $user"
    done
    echo -e "CRITICAL: $userOutput."
    exit 2
fi

Copyright 2K16 - 2K18 Indonesian Hacker Rulez