Commit aa9ff710 authored by remy's avatar remy
Browse files

a more understandable README.md

parent db0f686e
......@@ -25,6 +25,12 @@ After editing the 3 configuration files (`profile.conf` and listings `host_https
sudo make install
```
Once `websitechecks` is installed, you should find those files here:
- `/etc/default/websitechecks`
- `/usr/local/websitechecks/etc/host_https_list.txt`
- `/usr/local/websitechecks/etc/url_list.txt`
## How to check your HTTPS certificates
Edit `host_https_list.txt` file containing the list of hosts (fqdn / fully qualified domain name) to scan.
......@@ -39,11 +45,12 @@ This will produce a json output on the standard output and in the output directo
## How to use checks.sh
This script checks some URLs (HTTP answers + checksums).
This script checks some URLs (HTTP answers + checksums). Checksums are a good way to check if a website has been defaced. Indeed, any modification on a webpage could e legitiate or not, and this should be monitored.
Note that dynamic webpages are a bit more complicated to monitor by this way. You should remove dynamic element from the webpage before computing the checksum.
Enter the list of URL to scan in `url_list.txt`.
First, enter the list of URL to scan in `url_list.txt`.
To initialize the working directory `workdir`, you need to launch:
To initialize the working directory `workdir`, you will need to launch:
```bash
check_urls.sh init
......@@ -57,6 +64,8 @@ check_urls.sh check
You will find your results in `json` format in your `OUTPUT_DIR` defined in `profile.conf`.
If there is no output on stdout, that is normal. It means that nothing changed since last scan.
To display more informations about differences:
```bash
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment