FileChecksum Monitoring

Hello Experts,

I am looking for a script for FileChecksum monitoring. I have prepared a script, but it's not working as needed.

Strategy:

1) Copy ("passwd" "shadow" "/security/access.conf") to a new file location.
2) Do: md5sum "/etc/passwd" "CopiedFile-Passwd" > /tmp/HPOM_Checksum.log
3) Do: md5sum -c /tmp/HPOM_Checksum.log
   If ("passwd" "shadow" "/security/access.conf") gets modified, the md5sum output string will be different.
   This can be checked from:
4) md5sum -c /tmp/HPOM_Checksum.log
   Sample output:
   [root@oilvs011 tmp]# md5sum -c /tmp/HPOM_Checksum.log
   /etc/passwd: FAILED
   /var/opt/OV/log/hpom_passwd.md5: OK

5) If this gets modified, I again want to run the same loop.

Note: Whenever there is a change in a file, the script has to copy the file again as in step 1.

If you have any other better solution to work on this, do let me know:

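#!/bin/bash
# declare -a and "${arr[@]}" are bash features, so this must run under bash, not sh
CHECKSUM_PATH=/etc
AGENT_LOG=/var/opt/OV/log
declare -a arr=("passwd" "shadow" "/security/access.conf")
## Now loop through the above array and take a first copy of any file not copied yet
for i in "${arr[@]}"
do
    # basename keeps the copy directly under $AGENT_LOG, e.g. hpom_access.conf.md5
    COPY_FILE="$AGENT_LOG/hpom_$(basename "$i").md5"
    if [ ! -f "$COPY_FILE" ]; then
        # -p preserves owner and mode, so the copy of shadow stays as restricted as the original
        cp -p "$CHECKSUM_PATH/$i" "$COPY_FILE"
    fi
done
## Now loop through the array again and check each file against its copy
for j in "${arr[@]}"
do
    COPY_FILE="$AGENT_LOG/hpom_$(basename "$j").md5"
    # Record the checksum of the saved copy under the live file's name, so that
    # md5sum -c verifies the live file against the copy
    md5sum < "$COPY_FILE" | sed "s|-\$|$CHECKSUM_PATH/$j|" > /tmp/HPOM_Checksum.log
    CHECKSUM_STATUS=$(md5sum -c /tmp/HPOM_Checksum.log 2>/dev/null | grep -c FAILED)
    echo "$CHECKSUM_STATUS"
    if [ "$CHECKSUM_STATUS" -eq 1 ]; then
        cp -p "$CHECKSUM_PATH/$j" "$COPY_FILE"
        echo "$(date +%b/%d/%Y-%H:%M:%S) Checksum Failed for $j" >> /tmp/HPOM_Log_Checksum.log
    fi
done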


Thanks,
Mahender Joshi

Why not do an md5sum of all the files you are interested in to a single file? That way, just running md5sum -c checksums-file will do them all in one go. If you look at the file it creates, it will have the checksum and the examined filename in each record, so you don't need to keep lots of separate single files, and it saves you the worry of building/using an array.

For clarity, you can spread out your script if that helps, so saving the initial checksums:-

# However many files per line that makes sense to you, but nothing after the \ on each line

files_to_check="\
 /etc/passwd  /etc/shadow /security/access.conf \
 /etc/resolv.conf  /etc/sysconfig/network-scripts/* \
 /etc/fstab \
 /etc/httpd/httpd.conf \
 /anything/else/you/fancy \
"


md5sum $files_to_check > /var/lib/md5sums/critical.md5

Later you can just md5sum -c /var/lib/md5sums/critical.md5 and you get a nice report about the files previously listed.

I hope that this helps,
Robin
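
The single-baseline approach from the reply, combined with the log-and-recopy-on-change requirement from the question, as an added example that is not code from either poster. It uses sha256sum, which accepts -c in the same way as md5sum; the function names, the SUM_TOOL variable and the scratch-directory demo files are assumptions of this example.

```shell
#!/bin/sh
# Added example: one baseline file for all monitored files, verified with -c.
# Function names, SUM_TOOL and the demo paths are assumptions of this example.
SUM_TOOL=${SUM_TOOL:-sha256sum}   # accepts -c in the same way as md5sum

# save_baseline BASELINE FILE... : write every checksum into one file
save_baseline() {
    baseline=$1; shift
    # Owner-only permissions; write to a temporary name, then rename into place
    ( umask 077 && "$SUM_TOOL" "$@" > "$baseline.new" ) &&
        mv "$baseline.new" "$baseline"
}

# changed_files BASELINE : print the name of each modified or missing file
changed_files() {
    # -c prints "name: OK" or "name: FAILED ..."; keep only the failures.
    # LC_ALL=C pins the message text so the match does not depend on locale.
    LC_ALL=C "$SUM_TOOL" -c "$1" 2>/dev/null | sed -n 's/: FAILED.*$//p'
}

# check_and_refresh BASELINE LOG FILE... : log each change, then re-baseline.
# Returns 0 when nothing changed, 1 when at least one file changed.
check_and_refresh() {
    baseline=$1; log=$2; shift 2
    changed=$(changed_files "$baseline")
    [ -z "$changed" ] && return 0
    printf '%s\n' "$changed" | while IFS= read -r f; do
        echo "$(date +%b/%d/%Y-%H:%M:%S) Checksum Failed for $f" >> "$log"
    done
    # If a file has gone missing, the old baseline is kept and it keeps alerting
    save_baseline "$baseline" "$@"
    return 1
}

# Demo on constructed files in a scratch directory (not real system files)
demo_dir=$(mktemp -d)
printf 'root:x:0:0::/root:/bin/sh\n' > "$demo_dir/passwd"
printf '+ : root : ALL\n' > "$demo_dir/access.conf"
save_baseline "$demo_dir/critical.sum" "$demo_dir/passwd" "$demo_dir/access.conf"
printf 'demo:x:1001:1001::/home/demo:/bin/sh\n' >> "$demo_dir/passwd"   # simulated change
check_and_refresh "$demo_dir/critical.sum" "$demo_dir/changes.log" \
    "$demo_dir/passwd" "$demo_dir/access.conf" || cat "$demo_dir/changes.log"
rm -rf "$demo_dir"
```

Because the baseline is refreshed after each detected change, the log file is the only lasting record of that change, so it and the baseline should be writable by root only.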