File Monitoring

• Monitor Directory for Changes
  inotifywait -m -r -e modify,create,delete,open /home/logiceverything/example/

Audit Rules Management

• Add Audit Rule
  auditctl -w /var/www/html -p wa -k web_files

• Remove Specific Audit Rule
  auditctl -W /var/www/html -k web_files

• Remove All Audit Rules
  auditctl -D

• List Current Audit Rules
  auditctl -l

Audit Logs and Decoding

• Search Audit Logs by Key
  ausearch -k passwd_changes

Hexadecimal Operations

• Decode Encoded Proctitle from Hex
  echo "2F7573722F7362696E2F6874747064002D6B007374617274" | xxd -r -p

chattr Commands (File Attribute Control)

• Manage File Immutable Attribute
  chattr +i filename to make a file immutable; chattr -i filename to remove the immutable attribute.

• List File Attributes
  lsattr

Custom Shell Functions (from .bash_helpers)

• Find Recently Modified Web Files
  findweb /home/logiceverything/example/ [days]
  Example:
  findweb /home/logiceverything/example/ 2

• Find Recently Modified Web Files in Minutes
  findwebmin /home/logiceverything/example/ [minutes]
  Example:
  findwebmin /home/logiceverything/example/ 60

• Rename Suspicious Files
  rnsus [file_list.txt]
  Example:
  rnsus suspicious_files.txt

• List Suspicious Files
  lssus /home/logiceverything/example/
  Example:
  lssus /home/logiceverything/example/

• Quarantine Files
  quarantine [file_list.txt]
  Example:
  quarantine suspicious_files.txt

Commands for Identifying and Removing Code Injections

• Find Files Modified in a Specific Timeframe
  Use find /home/logiceverything/example/ -type f -mtime [days] for days, or -mmin [minutes] for minutes.
  Examples:
  Find files modified in the last 2 days:
  find /home/logiceverything/example/ -type f -mtime -2
  Find files modified in the last 180 minutes:
  find /home/logiceverything/example/ -type f -mmin -180
  Find files modified in the last hour:
  find /home/logiceverything/example/ -type f -mmin -60
  Find files modified exactly 7 days ago:
  find /home/logiceverything/example/ -type f -mtime 7

• Find Specific File Types Modified in the Last 2 Days
  Find .php, .css, and .js files modified in the last 2 days:
  find /home/logiceverything/example/ -type f ( -name ".php" -o -name ".css" -o -name "*.js" ) -mtime -2

• Search for Suspicious Patterns in Files
  Use grep to search for specific patterns across files:
  Example to search for eval(:
  grep -r "eval(" /home/logiceverything/example/
  Example to search for base64_decode(:
  grep -r "base64_decode(" /home/logiceverything/example/

• Find and Quarantine All .htaccess Files
  Find and move all .htaccess files to a quarantine directory:
  find /home/logiceverything/example/ -type f -name ".htaccess" -exec mv {} /home/logiceverything/example/quarantine/ \;

Notes

The custom shell functions (findweb, findwebmin, rnsus, lssus, quarantine) should be defined in your .bash_helpers file and sourced in your .bashrc to be available in your shell sessions.