Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/jeremiah-shaulov/inullify

Watch directories, and truncate dangerous files.
https://github.com/jeremiah-shaulov/inullify

Last synced: about 2 months ago
JSON representation

Watch directories, and truncate dangerous files.

Awesome Lists containing this project

README 

        
# inullify



This command-line utility watches given directories for new files, and for changes in existing files. If a dangerous file appears, it will be nullified (truncated to zero size). This is useful on FTP servers, and this can fight big percent of WordPress attacks.



A dangerous file is a file that matches given regular expression. By default `(?P\x7FELF)|(?P<\?)`, that guards against uploading ELFs (linux executables) and PHP files.



## Installation



This is cargo software. First you need to install cargo, if you didn't yet: see [how to do this](https://doc.rust-lang.org/cargo/getting-started/installation.html). Then:



```bash

cargo install inullify

```



## Usage



```bash

inullify



# or:

inullify /tmp /var/www/my-wordpress



# or:

inullify --regex='(?P<\?)' /tmp

```



To daemonize third-party software can be used. For example in Ubuntu we can use `daemon`:



```bash

sudo daemon --name=inullify --user=www-data --respawn --stdout=/tmp/inullify.log --stderr=/tmp/inullify-err.log -- inullify /tmp

```



iNullify must be run from user that has access to files of interest.



## Regex



Desired regex can be specified with `-r` or `--regex` command-line option.



You can mark alternatives with named groups. If a group matched for some file, this group name will be printed together with the filename.



## PHP antivirus



To prevent uploading dangerous files to server from PHP applications, you need to monitor PHP upload directory. This directory is set in `php.ini` with directive called `upload_tmp_dir`. By default PHP uses `/tmp`.