Subject: Re: Q not found in the archives...
From: Wolfgang Viechtbauer (wviechtbS.PSYCH.UIUC.EDU)
Date: Mon Jul 10 2000 - 22:11:15 CDT


> Someone(s) on this mailing list mention a program that will periodically
> check the MD5/checksum/file size/whatever of the files on a Linux box and
> compare those results with the results from a previous run of the program
> (which are stored on a read-only medium). If the results don't match,
> alarms go off, emails are sent, Interpol is called in and Captain Jean-Luc
> Picard issues a "Red alert!". :-)
>
> What is the name of that program?

Well, you can always just write a simple script to do that job.

Let's call the first program 'md5make':

md5sum /bin/* /sbin/* /usr/bin/* /usr/sbin/* /usr/X11R6/bin/* /etc/* \
  > "/root/sys/`date +"%Y%m%d"`.md5" 2> /dev/null

You probably want to replace /root/sys/ with some other location. At any
rate, that's where the script will store the md5 checksum file for the
day.

Next script, 'md5check':

md5sum /bin/* /sbin/* /usr/bin/* /usr/sbin/* /usr/X11R6/bin/* /etc/* \
  2> /dev/null | diff "$1" - | awk '$1=="<" {print $3}'

Put md5sum in your cron.hourly directory, and let it run every night. Come
back the next day, go to the dir where the md5 checksum files are stored,
and then do md5check <date>.md5, and it will spit out what files have been
changed since that date.

Oh, and obviously, this is GPL =) Just kidding.

Hope this helps. Any suggestions for improving those scripts?

---------------------------------------------------------------------
Wolfgang Viechtbauer                       wviechtbs.psych.uiuc.edu
Department of Quantitative Psychology      viechtbastudents.uiuc.edu

University of Illinois, Champaign-Urbana   "Your mouse has moved.
Room 409, Psychology Building               Windows must be restarted
603 E. Daniel Street                        for the change to take
Champaign, IL 61820                         effect. Reboot now? [OK]"
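
The following is an added example, not part of the original post. The posted md5check prints only paths whose baseline line differs (changed or removed files), so this sketch also reports newly added files and returns a non-zero status that cron can alert on. The function names snapshot, compare and check are hypothetical, and sha256sum is an assumed replacement for md5sum.

```shell
#!/bin/sh
# Added example: file-integrity baseline and comparison.
# Function names (snapshot, compare, check) are hypothetical.
# Assumption: sha256sum (GNU coreutils) is used in place of md5sum.

# snapshot DIR...: print one "hash  path" line per regular file,
# walking each directory recursively instead of globbing one level.
snapshot() {
    find "$@" -type f -exec sha256sum {} + 2>/dev/null | sort -k 2
}

# compare OLD NEW: classify every path found in either listing.
compare() {
    awk '
        # A sha256sum line is 64 hex digits, two separator characters, then the path.
        { hash = substr($0, 1, 64); path = substr($0, 67) }
        FILENAME == ARGV[1] { old[path] = hash; next }
        {
            seen[path] = 1
            if (!(path in old))         print "ADDED   " path
            else if (old[path] != hash) print "CHANGED " path
        }
        END { for (p in old) if (!(p in seen)) print "REMOVED " p }
    ' "$1" "$2" | sort
}

# check BASELINE DIR...: re-hash the directories and compare with the baseline.
# Returns 0 if nothing differs, 1 if anything differs (so cron can alert on it),
# 2 if the baseline is unreadable or no temporary file could be made.
check() {
    baseline=$1; shift
    [ -r "$baseline" ] || { echo "cannot read $baseline" >&2; return 2; }
    current=$(mktemp) || return 2
    snapshot "$@" > "$current"
    report=$(compare "$baseline" "$current")
    rm -f "$current"
    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}
```

Run snapshot once and keep its output on the read-only medium mentioned in the question; run check against that file from cron.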