Crates.io | inullify |
lib.rs | inullify |
version | 0.1.4 |
source | src |
created_at | 2020-07-22 19:00:24.924209 |
updated_at | 2020-08-16 12:51:40.560943 |
description | Watch directories, and truncate dangerous files. |
homepage | |
repository | https://github.com/jeremiah-shaulov/inullify |
max_upload_size | |
id | 268137 |
size | 12,251 |
This command-line utility watches given directories for new files, and for changes in existing files. If a dangerous file appears, it will be nullified (truncated to zero size). This is useful on FTP servers, and this can fight big percent of WordPress attacks.
A dangerous file is a file that matches given regular expression. By default (?P<ELF>\x7FELF)|(?P<PHP><\?)
, that guards against uploading ELFs (linux executables) and PHP files.
This is cargo software. First you need to install cargo, if you didn't yet: see how to do this. Then:
cargo install inullify
inullify
# or:
inullify /tmp /var/www/my-wordpress
# or:
inullify --regex='(?P<PHP><\?)' /tmp
To daemonize third-party software can be used. For example in Ubuntu we can use daemon
:
sudo daemon --name=inullify --user=www-data --respawn --stdout=/tmp/inullify.log --stderr=/tmp/inullify-err.log -- inullify /tmp
iNullify must be run from user that has access to files of interest.
Desired regex can be specified with -r
or --regex
command-line option.
You can mark alternatives with named groups. If a group matched for some file, this group name will be printed together with the filename.
To prevent uploading dangerous files to server from PHP applications, you need to monitor PHP upload directory. This directory is set in php.ini
with directive called upload_tmp_dir
. By default PHP uses /tmp
.