Created
October 29, 2021 03:41
-
-
Save stephan-t/6850acbef906f56c231fe01bdbc54aeb to your computer and use it in GitHub Desktop.
Interactive script used to detect any newly added or modified files on a WD MyBook Live NAS
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # Interactive script used to detect any newly added or modified files on | |
| # a WD MyBook Live NAS that may have been introduced by a malicious attacker. | |
| # This is done by comparing files on root partition to original firmware. | |
| # Set to root directory of MyBook Live root partition | |
| MBL_DIR='' | |
| # Set to root directory of original MyBook Live firmware | |
| FW_DIR='' | |
| MBL_FILES='/tmp/mbl-files.txt' | |
| FW_FILES='/tmp/fw-files.txt' | |
| NEW_FILES='/tmp/new-files.txt' | |
| DIFF_FILES='/tmp/diff-files.txt' | |
| if [ -z "$MBL_DIR" ] || [ -z "$FW_DIR" ]; then | |
| echo 'Directories of MyBook Live partition and original firmware must be set.' | |
| exit 1 | |
| fi | |
| cd "$MBL_DIR" | |
| find -type f -printf "%p\n" | sort > "$MBL_FILES" | |
| cd "$FW_DIR" | |
| find -type f -printf "%p\n" | sort > "$FW_FILES" | |
| # Find files in MBL not found in original firmware | |
| diff -u "$MBL_FILES" "$FW_FILES" | grep '^-' | sed -e 's/^-//' -e '1d' > "$NEW_FILES" | |
| read -p 'List files in MBL not found in original firmware? [Y/n] ' cont | |
| ! [[ "$cont" =~ [nN] ]] && less $NEW_FILES | |
| read -p 'View each file? [Y/n] ' cont | |
| if ! [[ "$cont" =~ [nN] ]]; then | |
| cd "$MBL_DIR" | |
| while read -r f; do less "$f"; done < "$NEW_FILES" | |
| fi | |
| # Find files that differ | |
| read -p 'Generate list of files that differ? [Y/n] ' cont | |
| if ! [[ "$cont" =~ [nN] ]]; then | |
| while read -r f; do | |
| find -path "$f" -exec diff -q "$MBL_DIR/$f" {} \; | |
| done < "$MBL_FILES" > "$DIFF_FILES" 2>&1 | |
| fi | |
| # View each diff | |
| [[ -s "$DIFF_FILES" ]] || exit 1 | |
| count=1 | |
| read -p 'View changes of files that differ? [Y/n] ' cont | |
| if ! [[ "$cont" =~ [nN] ]]; then | |
| cd "$FW_DIR" | |
| read -p 'Starting file number [default: 1] ' file_count | |
| [ -z "$file_count" ] && file_count=1 | |
| exec 3<"$DIFF_FILES" | |
| while read -r -u 3 f; do | |
| if [ "$file_count" -gt 1 ]; then | |
| ((file_count--)) | |
| ((count++)) | |
| else | |
| echo -n "File $((count++)): " | |
| echo "$f" | awk '{print $4}' | |
| read -p 'View file? [Y/n/q] ' cont | |
| if [[ "$cont" =~ [nN] ]]; then | |
| continue | |
| elif [[ "$cont" =~ [qQ] ]]; then | |
| break | |
| else | |
| echo "$f" | awk '{print $2 " " $4}' | xargs diff --color=always | less -R | |
| fi | |
| fi | |
| done | |
| fi |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment