Hello Experts,
I am looking for some script for FileChecksum monitoring , i have prepared the script but its not working as needed .
Strategy :
1) Copy ("passwd" "shadow" "/security/access.conf") to a new file location
2) Do , md5sum "/etc/passwd" "CopiedFile-Passwd" >tmp/HPOM_Checksum.log
3) Do , md5sum -c /tmp/HPOM_Checksum.log
if ("passwd" "shadow" "/security/access.conf") gets modified , the md5sum o/p string will be different
This can be checked from
4) md5sum -c /tmp/HPOM_Checksum.log
sample o/p
[root@oilvs011 tmp]# md5sum -c /tmp/HPOM_Checksum.log
/etc/passwd: FAILED
/var/opt/OV/log/hpom_passwd.md5: OK
5) If this gets modified , i again want to run the same loop.
Note : Whenever there is change in file the script has to copy the file again as in step 1
If you have any other better solution to work on this do let me know :
#!/bin/sh
CHECKSUM_PATH=/etc
AGENT_LOG=/var/opt/OV/log
declare -a arr=("passwd" "shadow" "/security/access.conf")
##now loop through the above array
for i in "${arr[@]}"
do
LIST_FILE=`ls -lrt "$AGENT_LOG" |grep "hpom_$i.md5" |wc -l`
echo $LIST_FILE
if [ $LIST_FILE -eq 0 ]; then
COPY=`cp "$CHECKSUM_PATH/$i" "$AGENT_LOG/hpom_$i.md5"`
fi
done
declare -a arr=("passwd" "shadow" "/security/access.conf")
##now loop through the above array
for j in "${arr[@]}"
do
CHECKSUM=`md5sum "$CHECKSUM_PATH/$j" "$AGENT_LOG/hpom_$j.md5" >/tmp/HPOM_Checksum.log`
CHECKSUM_STATUS=`md5sum -c /tmp/HPOM_Checksum.log |grep FAILED |wc -l`
echo $CHECKSUM_STATUS
if [ $CHECKSUM_STATUS -eq 1 ]; then
COPY=`cp "$CHECKSUM_PATH/$j" "$AGENT_LOG/hpom_$j.md5"`
echo `date +%b/%d/%Y-%H:%M:%S` Checksum Failed for $i >> /tmp/HPOM_Log_Checksum.log
fi
done
Thanks,
Mahender Joshi