This Server Monitoring Tool is designed to monitor file activities on a server, detecting unauthorized file modifications or suspicious uploads like webshells. The tool runs in real-time and monitors file creation, modification, deletion, and updates. It also uses Yara rules to detect potentially malicious files, such as webshells or unauthorized scripts.
- Real-time file monitoring: Monitors directories for new, modified, or deleted files.
- Malicious file detection: Uses Yara rules to scan and detect suspicious files such as webshells.
- Configurable directories: Customize the directories to monitor by updating the configuration file.
- Log and alert system: Logs all file activities and alerts on suspicious file detections.
- Clone the repository:
git clone https://github.com/lamcodeofpwnosec/server-monitoring.git
cd server-monitoring- Install required dependencies:
sudo apt-get install python3 python3-pip libyara3 yara
pip install inotify-simple yara-python paramiko
- Set up your directories to monitor by editing the
config.pyfile in the/src/directory. - Start the file monitoring tool:
python3 src/monitor.py
- Modify
config.pyto include the directories you want to monitor. - Define your custom Yara rules in the
yara_rules/malicious_rules.yarfile. - Run
monitor.pyto start the monitoring process. It will scan all detected file changes and log potential threats.
Note
Copyright ©lamcodeofpwnosec