From c1659ff411060426dc12206fe14ecf6f70a16d2c Mon Sep 17 00:00:00 2001
From: Sancho Lerena
Date: Wed, 24 Sep 2014 15:46:20 +0200
Subject: [PATCH] Added new tool to generate a hash catalog to verify pandora fms setups has not been altered and provide a simple integrity check of libraries, configuration files and sources of both, console, server and agent.
---
pandora_server/util/integrity_check | 151 ++++++++++++++++++++++++++++
1 file changed, 151 insertions(+)
create mode 100755 pandora_server/util/integrity_check
diff --git a/pandora_server/util/integrity_check b/pandora_server/util/integrity_check
new file mode 100755
index 0000000000..0d89a80f51
--- /dev/null
+++ b/pandora_server/util/integrity_check
@@ -0,0 +1,151 @@
+#!/bin/bash
+
+# Pandora FMS Integrity Check v1.0
+# (c) 2014 Pandora FMS Team
+#
+# This script is used to generate a MD5 hash of each relevant file
+# in a Pandora FMS, including server and console files. It supports
+# a mode to "check" using the output of a previous execution.
+
+UNIXTIME=`date +%s`
+HUMANDATE=`date +%d-%m-%y-%s`
+OUTPUT=integrity_check_`date +%d-%m-%y-%s`.data
+
+echo "Pandora FMS Integrity Check tool v1.0"
+echo "(c) Pandora FMS Development Team 2014"
+echo " "
+
+if [ $# -lt 2 ]
+then
+ echo "Syntax:"
+ echo " "
+ echo "integrity_chech new|check ["
+ echo " "
+ echo " If mode 'check' is selected, it will require a integrity file (generated by this tool) to check it against current setup"
+ echo " "
+ exit -1
+fi
+
+CONSOLE_PATH=$2
+INTEGRITY_FILE=$3
+INTEGRITY_REPORT=$INTEGRITY_FILE.report
+MODE=$1
+ERROR=0
+
+if [ ! -d "$CONSOLE_PATH" ]
+then
+ echo "Error: Console path doesn't exist"
+ exit -1
+fi
+
+if [ "$MODE" == "check" ]
+then
+ if [ ! -f "$INTEGRITY_FILE" ]
+ then
+ echo "Error: Integrity file to check not found"
+ exit -1
+ fi
+
+ IFS="
+"
+
+ cat /dev/null > $INTEGRITY_REPORT
+ echo "#Pandora FMS Integrity Check REPORT generated at $HUMANDATE at `hostname` by $USER" >> $INTEGRITY_REPORT
+ echo "Checking file integrity in $INTEGRITY_FILE."
+
+ for ax in `cat $INTEGRITY_FILE | grep -v "^#"`
+ do
+
+ md5=`echo $ax | awk '{ print $1 }'`
+ file=`echo $ax | awk '{ print $2 }'`
+
+ if [ -f "$file" ]
+ then
+ md5_v2=`md5sum $file | awk '{ print $1 }'`
+ if [ "$md5_v2" != "$md5" ]
+ then
+ echo "[ERR] $file -- MD5 CHECKSUM ERROR" >> $INTEGRITY_REPORT
+ ERROR=`expr $ERROR + 1`
+ echo -n "e"
+ else
+ echo "[ ok] $file -- OK" >> $INTEGRITY_REPORT
+ echo -n "."
+ fi
+ else
+ echo "[ERR] $file -- FILE MISSING in current target" >> $INTEGRITY_REPORT
+ ERROR=`expr $ERROR + 1`
+ echo -n "m"
+ fi
+ done
+ echo " "
+ if [ $ERROR -gt 0 ]
+ then
+ echo "WARNING: Some discrepancies has been found. Check the Integrity report"
+ else
+ echo "Everything seems to be OK, no changes detected!"
+ fi
+
+ echo "Done. Report is in $INTEGRITY_REPORT"
+ exit 0
+fi
+
+if [ "$MODE" == "new" ]
+then
+
+ echo " "
+ # Begin CREATION of a new Integrity Check File
+
+ cat /dev/null > $OUTPUT
+ echo "#Pandora FMS Integrity Check generated at $HUMANDATE at `hostname` by $USER" >> $OUTPUT
+ echo "Creating integrity check of Pandora FMS Console files"
+ for ax in `find /var/www/pandora_console/ -name "*.php" -o -name "*.js" -o -name "*.css" -o -name "*.sql"`
+ do
+ bx=`md5sum $ax`
+ echo $bx >>$OUTPUT
+ echo -n "."
+ done
+ echo " "
+ echo "Creating integrity check of Pandora FMS server files"
+ for ax in `find /usr/share/pandora_server/ -type f `
+ do
+ bx=`md5sum $ax`
+ echo $bx >>$OUTPUT
+ echo -n "."
+ done
+
+ for ax in `find /usr/lib/perl5/PandoraFMS/ -type f`
+ do
+ bx=`md5sum $ax`
+ echo $bx >>$OUTPUT
+ echo -n "."
+ done
+
+ if [ -d "/usr/lib/perl5/Goliat/" ]
+ then
+ for ax in `find /usr/lib/perl5/Goliat/ -type f`
+ do
+ bx=`md5sum $ax`
+ echo $bx >>$OUTPUT
+ echo -n "."
+ done
+ fi
+
+ if [ -d "/etc/pandora/" ]
+ then
+ for ax in `find /etc/pandora/ -type f`
+ do
+ bx=`md5sum $ax`
+ echo $bx >>$OUTPUT
+ echo -n "."
+ done
+ fi
+ echo " "
+ echo "File generated at $OUTPUT"
+fi
+
+
+echo "Finishing witout error"
+exit 0
+
+
+
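Review bot: The `check` branch ends with `exit 0` even when `$ERROR` is greater than zero, so a cron job or monitoring wrapper cannot tell an altered install from a clean one; add `[ "$ERROR" -gt 0 ] && exit 1` before that branch's final `exit 0`. The loop also visits only paths already listed in the catalog, so a file added after the baseline (for example a new `.php` under the console directory) is never reported; re-running the same `find` set in check mode and comparing the path list against the catalog would close that gap. MD5 is not collision-resistant, and the catalog is written unsigned to the current directory, so anyone able to alter the monitored files could also regenerate it; `sha256sum` plus keeping the catalog off-host or read-only would make a clean result meaningful. Separately, `CONSOLE_PATH` is validated but the `new` branch scans the hard-coded `/var/www/pandora_console/`, and the unquoted `$ax`/`$file` expansions together with `awk '{ print $2 }'` mishandle paths containing spaces.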