5 | | Nagios runs of `wp core integrity-check` |
| 5 | [In process, see #13159] |
| 6 | |
| 7 | The monitor script mf-monitor-webapps executes the script mf-check-webapps and triggers a Nagios warning if it finds any web app sites that fail the test. |
| 8 | |
| 9 | == Search server for compromised sites == |
| 10 | |
| 11 | The script `mf-check-webapps` searches the given server for any web app that has been compromised. |
| 12 | |
| 13 | It finds web apps by searching for the files `/home/members/*/sites/*/.red/web-app-security/{drupal,wordpress}-core`. |
| 14 | |
| 15 | If it finds either file, it runs a check to see if the specified web app has been compromised. |
| 16 | |
| 17 | In normal mode, it outputs each site that has checked and the status of the site. In quiet mode, this output is supressed. |
| 18 | |
| 19 | Once the run is complete, it either: |
| 20 | |
| 21 | * Returns no output and the exit code 0 to indicate that no sites show signs of compromise |
| 22 | * One line with a comma separate list of site names that are compromised and the exit code 1 to indicate a compromise |
| 23 | * Error output and the exit code 255 to indicate an error prevented the script from running properly. |