I have been thinking about this for a while, and sadly I am not very good with Bash, so I was hoping someone could help me.
I am well aware of the warning on the Ubuntu forums:
http://ubuntuforums....nnouncement.php?f=39about nasty people telling less knowledgeable people like me to carry out commands that would toast their install.
Now, I love to mess around with Bash, and basically learn as I go, reading forum posts and using other Bash scripts that people have posted. However, I am always worrying that someone could have posted a mallicious bit of code in their Bash script for a laugh (I am meaning a script I find anywhere on the internets, not just from the Ubuntu forums). Obviously I only use scripts from what look like reputable sites where people have commented on the script afterwards, but still the risk exists.
I was wondering if it was possible to make a Bash script/program that reads another Bash script that you pass it (basically a text file) and looks for any nasty pieces of code in it (the nasty pieces of code taken from the examples given in the post above and then updated from time to time with other sources).
In a sense, it would be like a mini-anti-virus program. It would have a definitions file that contained the nasty pieces of code, and then you would get it to scan a text file for those pieces of code and it would tell you if it found anything nasty or not.
I know this should use either the sed, awk or gawk commands, but I don't know how to create a script that could search for multiple strings of commands from a given list (the definitions file).
Obviously, this isn't a fool proof solution and it is entirely possible that it will miss nasty code or a certain piece of nasty code isn't in the definitions file, but, hey, it's a start and it should help new users to Linux and provide a little bit more internet security. Once it is created, I'll host it on Google Code and publicise it on my Blog (so all 10 of my readers can learn about it!!).
So, is anyone out there willing to create this little piece of Bash for me?
(Note, Bash is preferred, since it is a relatively easy language to understand and users would be able to see how it works and learn a bit about Bash along the way).