How to monitor and be alert when core file changes?

[noemx]

Hi,

for security purposes I would like to be alerted when core file changes. The compare functionality is in the settings and autoupgrade module, but I would like it run automatically nightly and be notified when there is a change. Do you know of any module or some other way how to achieve this?

Note: I'm able to access limited shell on shared hosting, but not able to run shell scripts or use pipes. I can run php scripts scheduled in cron.

Edited July 4, 2024 by noemx
title typo (see edit history)

[Prestashop Addict]

Here is a simple php script to use with cron https://github.com/ComonSoft/hacking-detector

[noemx]

23 hours ago, Prestashop Addict said:

Here is a simple php script to use with cron https://github.com/ComonSoft/hacking-detector

Thanks. The script prints out files, which were created/modified in the last hour, so one should setup a cron to run every hour or modify the script. It uses time created and time modified attributes of a file to compute this. Example output:

Start: 2024/07/05 19:06:56
Number of scanned objects: 77342
End: 2024/07/05 19:06:57

.:: LIST OF FILES/FOLDERS CREATED OR MODIFIED LESS THAN 60 MINUTES ::.

OBJECT	CREATION	MODIFICATION	TYPE
var/cache/prod/localization/CLDR/F/I/QXwyLgN+uYfpDCkZIG9g	2024/07/03 09:44:55	2025/07/03 15:34:07	modified
var/cache/prod/localization/CLDR/C/T/BP9hRk6yGzSrZ1Jqkh-w	2024/07/03 09:45:35	2025/07/03 15:34:47	modified
var/cache/prod/pools/8C-j1rJNsn/T/Q/TPr9tIDGJdk2Tph8gcHQ	2024/07/03 09:45:18	2025/07/03 15:34:30	modified
check4change.php	2024/07/05 19:05:50	2024/07/05 19:05:50	created

However for hack detection this is not enough. I've seen files changed without modification date change, so calculating hash and comparing against vanilla install hashes seems necessary.

Using PHP and cron is a good idea. I'll investigate that more if time permits. I still believe this must be a common security practice and there is some existing solution.