#!/bin/bash
################################################################################
# PCI DSS 11.6.1 - Payment Page Integrity Monitoring Script
# 
# Purpose: Checks payment-related files for unauthorized modifications
# Frequency: Weekly (configured via cron)
# Alert Method: Email notification
#
# Author: [Your Name]
# Created: October 2, 2025
################################################################################

# Configuration
# Resolve the script's own directory; the baseline and the log live beside it.
SCRIPT_DIR=$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)
BASELINE_FILE="$SCRIPT_DIR/baseline-hashes.txt"
LOG_FILE="$SCRIPT_DIR/integrity-check.log"
ALERT_EMAIL='erics@richmondprolab.com'
WEB_ROOT='/home/rcpro105/public_html'

# Payment-page files to monitor, as paths relative to WEB_ROOT.
# NOTE(review): the baseline file is the trust anchor of this check - keep it
# (and the script directory) unwritable by the account that serves WEB_ROOT,
# otherwise whoever can change the payment files can also change the expected hashes.
declare -a FILES_TO_CHECK
FILES_TO_CHECK=(
    'wp-content/themes/betheme-child/cardpointe/cardpointe-payment.php'
    'wp-content/themes/betheme-child/cardpointe/js/cardpointe-payment.js'
    'wp-content/themes/betheme-child/cardpointe/cardpointe-proxy.php'
    'wp-content/themes/betheme-child/cardpointe/get-payment-info.php'
)

################################################################################
# Functions
################################################################################

#######################################
# Write one timestamped line to stdout and append it to the log file.
# Globals:   LOG_FILE (read)
# Arguments: $1 - message text
# Outputs:   "[YYYY-MM-DD HH:MM:SS] <message>" on stdout and in LOG_FILE
#######################################
log_message() {
    local stamp
    stamp=$(date '+%Y-%m-%d %H:%M:%S')
    printf '%s\n' "[${stamp}] $1" | tee -a "$LOG_FILE"
}

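#######################################
# E-mail an alert to ALERT_EMAIL and record the outcome in the log.
# Globals:   ALERT_EMAIL (read)
# Arguments: $1 - subject line
#            $2 - body; may contain \n escape sequences (expanded like echo -e)
# Returns:   0 when mail accepted the message, otherwise mail's exit status.
#            The original logged "Alert sent" unconditionally, so an MTA
#            failure left no trace that the finding never reached anyone.
#######################################
send_alert() {
    local subject="$1"
    local body="$2"
    local rc=0

    # %b expands the \n sequences built into the alert body (same as echo -e).
    printf '%b\n' "$body" | mail -s "$subject" "$ALERT_EMAIL" || rc=$?

    if [ "$rc" -ne 0 ]; then
        log_message "ERROR: Failed to send alert to $ALERT_EMAIL (mail exit status $rc)"
        return "$rc"
    fi

    log_message "Alert sent to $ALERT_EMAIL"
    return 0
}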

################################################################################
# Main Script
################################################################################

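log_message "=== Starting integrity check ==="

# Optional baseline (re)generation. The error message below has always told
# the operator to use --generate-baseline, but no such mode existed; this
# implements it. Only run it against a state that has been verified as
# known-good (e.g. right after a reviewed deployment), because whatever is on
# disk at that moment becomes the reference the weekly check trusts.
if [ "${1:-}" = "--generate-baseline" ]; then
    log_message "Generating baseline hashes in $BASELINE_FILE"
    # Hash from inside the web root so each recorded path is the same
    # WEB_ROOT-relative path listed in FILES_TO_CHECK (the check locates a
    # baseline entry by that path). Write to a temp file and rename so a
    # failed run cannot leave a half-written baseline behind.
    TMP_BASELINE=$(mktemp "${BASELINE_FILE}.XXXXXX") || {
        log_message "ERROR: Cannot create temporary file next to $BASELINE_FILE"
        exit 1
    }
    if (cd "$WEB_ROOT" && sha384sum -- "${FILES_TO_CHECK[@]}") > "$TMP_BASELINE" \
        && mv -f -- "$TMP_BASELINE" "$BASELINE_FILE"; then
        log_message "Baseline written for ${#FILES_TO_CHECK[@]} file(s)"
        exit 0
    fi
    rm -f -- "$TMP_BASELINE"
    log_message "ERROR: Baseline generation failed (unreadable web root or monitored file?)"
    exit 1
fi

# Without a baseline there is nothing to compare against: fail the run.
if [ ! -f "$BASELINE_FILE" ]; then
    log_message "ERROR: Baseline file not found at $BASELINE_FILE"
    log_message "Run this script with --generate-baseline first"
    exit 1
fi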

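# Set to 1 as soon as any file is missing, unreadable, unlisted or modified;
# ALERT_MESSAGE accumulates one "\n- ..." entry per finding for the e-mail.
CHANGES_DETECTED=0
ALERT_MESSAGE=""

#######################################
# Print the recorded hash for one monitored file, or nothing if absent.
# The baseline holds sha384sum-style lines ("<hash>  <path>"). A line matches
# when its path is exactly $1 or ends in "/$1", so both WEB_ROOT-relative and
# absolute paths are accepted. The path is compared literally: the original
# `grep "$FILE"` treated the file name as a regex, so "." matched any
# character and a substring match could return several hashes at once.
# Globals:   BASELINE_FILE (read)
# Arguments: $1 - path relative to WEB_ROOT
# Outputs:   the hash of the first matching line on stdout
#######################################
baseline_hash_for() {
    # awk -v interprets backslash escapes; the monitored paths contain none.
    awk -v wanted="$1" '
        {
            path = $0
            sub(/^[^ ]+ [ *]?/, "", path)   # drop the "<hash>  " / "<hash> *" prefix
            if (path == wanted || substr(path, length(path) - length(wanted)) == "/" wanted) {
                print $1
                exit                         # first matching line wins
            }
        }' "$BASELINE_FILE"
}

#######################################
# Verify one monitored file against the baseline and record any finding.
# Globals:   WEB_ROOT, BASELINE_FILE (read)
#            CHANGES_DETECTED, ALERT_MESSAGE (written on a finding)
# Arguments: $1 - path relative to WEB_ROOT
# Returns:   0 if the file matches its baseline, 1 if a finding was recorded
#######################################
check_file() {
    local file="$1"
    local full_path="${WEB_ROOT}/${file}"
    local current_hash baseline_hash

    if [ ! -f "$full_path" ]; then
        log_message "WARNING: File not found: $full_path"
        CHANGES_DETECTED=1
        ALERT_MESSAGE="${ALERT_MESSAGE}\n- MISSING FILE: $file"
        return 1
    fi

    current_hash=$(sha384sum -- "$full_path" | awk '{print $1}')
    if [ -z "$current_hash" ]; then
        # A file that cannot be hashed must be reported, never counted as verified.
        log_message "ERROR: Could not hash $full_path"
        CHANGES_DETECTED=1
        ALERT_MESSAGE="${ALERT_MESSAGE}\n- UNREADABLE FILE: $file"
        return 1
    fi

    baseline_hash=$(baseline_hash_for "$file")
    if [ -z "$baseline_hash" ]; then
        log_message "WARNING: No baseline hash found for $file"
        CHANGES_DETECTED=1
        ALERT_MESSAGE="${ALERT_MESSAGE}\n- NEW FILE (not in baseline): $file"
        return 1
    fi

    if [ "$current_hash" != "$baseline_hash" ]; then
        log_message "ALERT: Hash mismatch for $file"
        log_message "  Expected: $baseline_hash"
        log_message "  Current:  $current_hash"
        CHANGES_DETECTED=1
        ALERT_MESSAGE="${ALERT_MESSAGE}\n- MODIFIED: $file\n  Expected: $baseline_hash\n  Current:  $current_hash"
        return 1
    fi

    log_message "OK: $file - integrity verified"
    return 0
}

# Check each file; findings are collected, the loop never stops early.
for FILE in "${FILES_TO_CHECK[@]}"; do
    check_file "$FILE"
done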

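# Send alert if changes detected
if [ "$CHANGES_DETECTED" -eq 1 ]; then
    log_message "CHANGES DETECTED - Sending alert"

    SUBJECT="SECURITY ALERT: Payment Page Files Modified"
    # ${ALERT_MESSAGE} carries \n escape sequences; send_alert expands them.
    BODY="PAYMENT PAGE INTEGRITY ALERT

Payment page integrity check detected unauthorized changes:
${ALERT_MESSAGE}

Server: $(hostname)
Time: $(date)

ACTION REQUIRED:
1. Investigate the source of these changes immediately
2. If unauthorized, restore from backup and disable payment form
3. If authorized, update baseline hashes:
   - SSH to server
   - cd /path/to/cardpointe/
   - Run: sha384sum [modified_file] > temp.txt
   - Update baseline-hashes.txt with new values

Log file: ${LOG_FILE}
"

    # The original discarded send_alert's status; a broken mail path would
    # leave the finding in the log only. Record that explicitly.
    if ! send_alert "$SUBJECT" "$BODY"; then
        log_message "ERROR: Alert delivery failed - findings are in $LOG_FILE, check mail configuration"
    fi
else
    log_message "All files verified - No changes detected"
fi

log_message "=== Integrity check completed ==="

# Exit 1 whenever a finding was recorded so cron / monitoring sees the failure.
exit "$CHANGES_DETECTED"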

