tyler.durden
/
pandorafms
mirror of https://github.com/pandorafms/pandorafms.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
pandorafms/pandora_server/util/integrity_check

210 lines
4.6 KiB
Plaintext
Raw Normal View History

Added new tool to generate a hash catalog to verify pandora fms setups has not been altered and provide a simple integrity check of libraries, configuration files and sources of both, console, server and agent.
2014-09-24 15:46:20 +02:00
#!/bin/bash
# Pandora FMS Integrity Check v1.0
# (c) 2014 Pandora FMS Team
#
# This script is used to generate a MD5 hash of each relevant file
# in a Pandora FMS, including server and console files. It supports
# a mode to "check" using the output of a previous execution.
UNIXTIME=`date +%s`
HUMANDATE=`date +%d-%m-%y-%s`
OUTPUT=integrity_check_`date +%d-%m-%y-%s`.data
echo "Pandora FMS Integrity Check tool v1.0"
echo "(c) Pandora FMS Development Team 2014"
echo " "
if [ $# -lt 2 ]
then
echo "Syntax:"
echo " "
Updated integrity check: added option to compare two integrity files.
2014-09-24 19:46:43 +02:00
echo "integrity_chech new|check|compare [<path_to_console>] [<path_to_integrity_file>] [<path_to_integrity_file_2>]"
Added new tool to generate a hash catalog to verify pandora fms setups has not been altered and provide a simple integrity check of libraries, configuration files and sources of both, console, server and agent.
2014-09-24 15:46:20 +02:00
echo " "
Updated integrity check: added option to compare two integrity files.
2014-09-24 19:46:43 +02:00
echo " If mode 'check' is selected, it will require a integrity file (generated by this tool) to check it against current setup. If mode 'compare' is selected, it wil require two integrity files, and will report differences between them"
Added new tool to generate a hash catalog to verify pandora fms setups has not been altered and provide a simple integrity check of libraries, configuration files and sources of both, console, server and agent.
2014-09-24 15:46:20 +02:00
echo " "
exit -1
fi
CONSOLE_PATH=$2
INTEGRITY_FILE=$3
INTEGRITY_REPORT=$INTEGRITY_FILE.report
MODE=$1
ERROR=0
Updated integrity check: added option to compare two integrity files.
2014-09-24 19:46:43 +02:00
if [ ! -d "$CONSOLE_PATH" ] && [ "$MODE" != "compare" ]
Added new tool to generate a hash catalog to verify pandora fms setups has not been altered and provide a simple integrity check of libraries, configuration files and sources of both, console, server and agent.
2014-09-24 15:46:20 +02:00
then
echo "Error: Console path doesn't exist"
exit -1
fi
Updated integrity check: added option to compare two integrity files.
2014-09-24 19:46:43 +02:00
if [ "$MODE" == "compare" ]
then
FILE1=$2
FILE2=$3
if [ ! -f "$FILE1" ] || [ ! -f "$FILE2" ]
then
echo "Error, at least one of the integrity files provided not found"
exit -1
fi
IFS="
"
COUNTER=0
for a in `cat $FILE1 | grep -v "^#"`
do
if [ $COUNTER -eq 0 ]
then
echo -ne "\b|"
fi
if [ $COUNTER -eq 1 ]
then
echo -ne "\b/"
fi
if [ $COUNTER -eq 2 ]
then
echo -ne "\b-"
fi
if [ $COUNTER -eq 3 ]
then
echo -ne "\b\\"
COUNTER=-1
fi
COUNTER=`expr $COUNTER + 1`
F1=`echo $a | awk '{ print $2 }'`
M1=`echo $a | awk '{ print $1 }'`
BUF=`cat $FILE2 | grep "$F1\$"`
if [ -z "$BUF" ]
then
echo " "
echo "[MISS] $F1 is not present in $FILE2"
else
M2=`echo $BUF | awk '{ print $1 }'`
if [ "$M2" != "$M1" ]
then
echo " "
echo "[DIFF] $F1 has changed"
fi
fi
done
fi
Added new tool to generate a hash catalog to verify pandora fms setups has not been altered and provide a simple integrity check of libraries, configuration files and sources of both, console, server and agent.
2014-09-24 15:46:20 +02:00
if [ "$MODE" == "check" ]
then
if [ ! -f "$INTEGRITY_FILE" ]
then
echo "Error: Integrity file to check not found"
exit -1
fi
IFS="
"
cat /dev/null > $INTEGRITY_REPORT
echo "#Pandora FMS Integrity Check REPORT generated at $HUMANDATE at `hostname` by $USER" >> $INTEGRITY_REPORT
echo "Checking file integrity in $INTEGRITY_FILE."
for ax in `cat $INTEGRITY_FILE | grep -v "^#"`
do
md5=`echo $ax | awk '{ print $1 }'`
file=`echo $ax | awk '{ print $2 }'`
if [ -f "$file" ]
then
md5_v2=`md5sum $file | awk '{ print $1 }'`
if [ "$md5_v2" != "$md5" ]
then
echo "[ERR] $file -- MD5 CHECKSUM ERROR" >> $INTEGRITY_REPORT
ERROR=`expr $ERROR + 1`
echo -n "e"
else
echo "[ ok] $file -- OK" >> $INTEGRITY_REPORT
echo -n "."
fi
else
echo "[ERR] $file -- FILE MISSING in current target" >> $INTEGRITY_REPORT
ERROR=`expr $ERROR + 1`
echo -n "m"
fi
done
echo " "
if [ $ERROR -gt 0 ]
then
echo "WARNING: Some discrepancies has been found. Check the Integrity report"
else
echo "Everything seems to be OK, no changes detected!"
fi
echo "Done. Report is in $INTEGRITY_REPORT"
exit 0
fi
if [ "$MODE" == "new" ]
then
echo " "
# Begin CREATION of a new Integrity Check File
cat /dev/null > $OUTPUT
echo "#Pandora FMS Integrity Check generated at $HUMANDATE at `hostname` by $USER" >> $OUTPUT
echo "Creating integrity check of Pandora FMS Console files"
Fixed missing parameter, was calling to a fixed path
2014-10-07 15:54:26 +02:00
for ax in `find $CONSOLE_PATH -name "*.php" -o -name "*.js" -o -name "*.css" -o -name "*.sql"`
Added new tool to generate a hash catalog to verify pandora fms setups has not been altered and provide a simple integrity check of libraries, configuration files and sources of both, console, server and agent.
2014-09-24 15:46:20 +02:00
do
bx=`md5sum $ax`
echo $bx >>$OUTPUT
echo -n "."
done
echo " "
echo "Creating integrity check of Pandora FMS server files"
for ax in `find /usr/share/pandora_server/ -type f `
do
bx=`md5sum $ax`
echo $bx >>$OUTPUT
echo -n "."
done
for ax in `find /usr/lib/perl5/PandoraFMS/ -type f`
do
bx=`md5sum $ax`
echo $bx >>$OUTPUT
echo -n "."
done
if [ -d "/usr/lib/perl5/Goliat/" ]
then
for ax in `find /usr/lib/perl5/Goliat/ -type f`
do
bx=`md5sum $ax`
echo $bx >>$OUTPUT
echo -n "."
done
fi
if [ -d "/etc/pandora/" ]
then
for ax in `find /etc/pandora/ -type f`
do
bx=`md5sum $ax`
echo $bx >>$OUTPUT
echo -n "."
done
fi
echo " "
echo "File generated at $OUTPUT"
fi
echo "Finishing witout error"
exit 0