Is there methods/solutions like capturing and tracking code injection / malicious file modification event on the php files, so that email alert will be sent to administrator when chmod of default file is changed from 444 to other writable permissions(A prerequisite for file/folder modification) .
Testing Environment
ubuntu14.04 server
php5 + apache2
wordpress
I would use inotify – the kernels built API for monitoring file system events,
install inotify-tools, you can then use it like
inotifywait -m -e MODIFY -r /path/to/watch.. you can get this to call a custom script in which you can do what you want upon detection of file changes.More info: https://github.com/rvoicilas/inotify-tools/wiki
There is no such event in
PHPbut you can write script that will calculate hashes of all your files and check them after each execution (eg. viaCRON).Same script could check files permissions.