OldScriptFinder: Documentation: More Advanced Usage Instructions

Explaining Config Files

Old Script Finder can have multiple config files, each for a different purpose: for example, one for a weekly scan that sends warning emails to your users, another for a monthly scan that disables any scripts that have had more than a certain number of warnings, and another for scanning just a certain part of the filesystem. The default config file is /var/oldscripts/default.conf. We recommend that you reserve default.conf for manual scans, and do not use it for emailing warnings, shutting down scripts, etc. This is so you can run Old Script Finder from a terminal with no side effects. Here's a sample default.conf:

[oldscripts]
usehttpdconf=1
httpdconf=/usr/local/apache/conf/httpd.conf

The above enables the httpd.conf reading feature, which only scans directories listed in httpd.conf. As you're then only scanning web-accessible directories, this makes the scan much faster than scanning the entire filesystem.

The config file is split into sections. The name of each section is enclosed in square brackets, like [oldscripts]. [oldscripts] is the main section. Each script may have its own section, for any individual settings it may have. Below a section heading, options are listed as the option name, followed by an equals sign, followed by the value.

HTML/XML/Email Reports

Old Script Finder can create reports of what it has found. There are three different types: HTML, XML and Email.

The HTML report generates a web page listing the found scripts, versions, etc.

The XML report generates an XML file which lists the found scripts, versions, etc. This is most useful for reading the data with another program, a Perl script, etc.

The Email report sends an email listing all of the found scripts, versions, etc. This is intended for your sysadmin's information, rather than the end user.

Here's an example which performs a full scan, generates an HTML report, and saves it as /home/owner/www/report.html:

$ oldscriptfinder --usehttpdconf --httpdconf=/usr/local/apache/conf/httpd.conf --htmlout=/home/owner/www/report.html

Or, as a config file, for example named /var/oldscripts/html.conf:

[oldscripts]
usehttpdconf=1
httpdconf=/usr/local/apache/conf/httpd.conf
htmlout=/home/owner/www/report.html

This would then be executed by running:

$ oldscriptfinder --conf=/var/oldscripts/html.conf

Both the command line and config file options produce exactly the same results. From now on, though, we'll just show the config file method. You can still use all of the options on the command line if you prefer.

Here's an example which performs a full scan, generates an XML report, saves it to /var/oldscripts/report.xml and sends an email report to somebody@example.com. First, the config file, /var/oldscripts/xmlandemail.conf:

[oldscripts]
usehttpdconf=1
httpdconf=/usr/local/apache/conf/httpd.conf
xmlout=/var/oldscripts/report.xml
emailout=somebody@example.com

You'd then run it as:

$ oldscriptfinder --conf=/var/oldscripts/xmlandemail.conf

The HTML and XML report filenames may contain the special tags <hostname> (which is replaced by the hostname of the server) and <time> (which is replaced by the UNIX timestamp at the time of the scan). The HTML and XML reports can also be automatically transferred to another server via FTP. Here's an example config file:

[oldscripts]
usehttpdconf=1
httpdconf=/usr/local/apache/conf/httpd.conf
xmlout=/var/oldscripts/report-<hostname>-<time>.xml
[reportftp]
xml=1
hostname=ftp.example.com
username=example
password=example
cwd=reports/

The Multi-Server Report tool uses the XML reports of multiple servers which have been automatically transferred via FTP, in the manner above.

Warning Emails

Old Script Finder can send warning emails to users when old scripts are discovered in their account. Note that by default this is not enabled, and no emails are sent. When enabled, only one email per account is sent, which contains a list of all of the old scripts in the account. Here's an example config file, for example saved as /var/oldscripts/sendwarnings.conf:

[oldscripts]
usehttpdconf=1
httpdconf=/usr/local/apache/conf/httpd.conf
emailwarnings=1

That would then be executed as:

$ oldscriptfinder --conf=/var/oldscripts/sendwarnings.conf

You can create a custom template for the warning email. See the warningtemplate option.

Auto Disable Old Scripts

Optionally, Old Script Finder can disable old scripts once they have had a certain number of warnings, or once a certain amount of time has passed since the first warning. For example, to have Old Script Finder send warning emails and disable scripts on their 3rd warning:

[oldscripts]
usehttpdconf=1
httpdconf=/usr/local/apache/conf/httpd.conf
emailwarnings=1
warningshutdown=3

So with the above, the user will receive 2 warnings about the script, then it will be disabled on the 3rd scan. They can re-enable it at any time. The default method for disabling a script is to chmod the directory it's in to 0000 - see --shutdownmethod for other methods. By default, if you're using the --usehttpdconf option, root directories from httpd.conf will not be disabled. If you want to disable them anyway, pass in the --evenhttproot option.

Here's an example that sends warning emails and disables scripts 2 weeks after their first warning. Note that you still need to run Old Script Finder again with the same options after those 2 weeks, or scripts won't be disabled. If you wish to use this feature, we recommend that you set up Old Script Finder to run automatically by cron every so often, perhaps weekly or every few days, so it can check for any scripts that need to be disabled.

[oldscripts]
usehttpdconf=1
httpdconf=/usr/local/apache/conf/httpd.conf
emailwarnings=1
warningshutdown=2w

See the --warningshutdown docs for more details.
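
The recommendation to keep default.conf free of side effects can be checked mechanically, together with a permission check on any config that stores a [reportftp] password. The following is an added example, not part of Old Script Finder; it assumes the files parse as standard INI and that a value of 0 means disabled, audit_config and demo are hypothetical names, and the sample configs are constructed.

```python
import configparser
import os
import stat
import tempfile

# Options described on this page that act beyond the local scan.
SIDE_EFFECT_OPTIONS = ("emailout", "emailwarnings", "warningshutdown")

def audit_config(path, is_default=False):
    """Return a list of findings for one Old Script Finder config file."""
    findings = []
    # interpolation=None so a '%' inside a password is read literally.
    cp = configparser.ConfigParser(interpolation=None)
    with open(path) as fh:
        cp.read_file(fh)
    main = cp["oldscripts"] if cp.has_section("oldscripts") else {}
    if is_default:
        for opt in SIDE_EFFECT_OPTIONS:
            # Assumption: an absent option, an empty value or 0 means "off".
            if main.get(opt, "0") not in ("", "0"):
                findings.append(f"default config sets {opt}")
        if cp.has_section("reportftp"):
            findings.append("default config uploads reports via FTP")
    if cp.has_option("reportftp", "password"):
        mode = stat.S_IMODE(os.stat(path).st_mode)
        if mode & (stat.S_IRWXG | stat.S_IRWXO):
            findings.append(f"FTP password readable beyond owner (mode {mode:04o})")
    return findings

def demo():
    """Audit two constructed config files written to a temp directory."""
    samples = {
        "default.conf": "[oldscripts]\nusehttpdconf=1\nemailwarnings=1\n",
        "ftp.conf": "[oldscripts]\nusehttpdconf=1\n[reportftp]\nxml=1\npassword=example\n",
    }
    results = {}
    with tempfile.TemporaryDirectory() as d:
        for name, text in samples.items():
            path = os.path.join(d, name)
            with open(path, "w") as fh:
                fh.write(text)
            os.chmod(path, 0o644)  # deliberately group/world readable
            results[name] = audit_config(path, is_default=(name == "default.conf"))
    return results

if __name__ == "__main__":
    for name, findings in demo().items():
        print(name, findings or "ok")
```

To audit a real installation, call audit_config on each file in /var/oldscripts, passing is_default=True only for default.conf.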