Added a new tool that generates a hash catalog to verify that Pandora FMS setups have not been altered, and provides a simple integrity check of the libraries, configuration files and sources of the console, server and agent.

Sancho Lerena 2014-09-24 15:46:20 +02:00
parent f0fb29cb6a
commit c1659ff411
1 changed files with 151 additions and 0 deletions


@ -0,0 +1,151 @@
#!/bin/bash
# Pandora FMS Integrity Check v1.0
# (c) 2014 Pandora FMS Team
#
# This script is used to generate a MD5 hash of each relevant file
# in a Pandora FMS, including server and console files. It supports
# a mode to "check" using the output of a previous execution.
UNIXTIME=`date +%s`
HUMANDATE=`date +%d-%m-%y-%s`
OUTPUT=integrity_check_`date +%d-%m-%y-%s`.data
echo "Pandora FMS Integrity Check tool v1.0"
echo "(c) Pandora FMS Development Team 2014"
echo " "
if [ $# -lt 2 ]
then
echo "Syntax:"
echo " "
echo "integrity_chech new|check <path_to_console> [<path_to_integrity_file]>"
echo " "
echo " If mode 'check' is selected, it will require a integrity file (generated by this tool) to check it against current setup"
echo " "
exit -1
fi
CONSOLE_PATH=$2
INTEGRITY_FILE=$3
INTEGRITY_REPORT=$INTEGRITY_FILE.report
MODE=$1
ERROR=0
if [ ! -d "$CONSOLE_PATH" ]
then
echo "Error: Console path doesn't exist"
exit -1
fi
if [ "$MODE" == "check" ]
then
if [ ! -f "$INTEGRITY_FILE" ]
then
echo "Error: Integrity file to check not found"
exit -1
fi
IFS="
"
cat /dev/null > $INTEGRITY_REPORT
echo "#Pandora FMS Integrity Check REPORT generated at $HUMANDATE at `hostname` by $USER" >> $INTEGRITY_REPORT
echo "Checking file integrity in $INTEGRITY_FILE."
for ax in `cat $INTEGRITY_FILE | grep -v "^#"`
do
md5=`echo $ax | awk '{ print $1 }'`
file=`echo $ax | awk '{ print $2 }'`
if [ -f "$file" ]
then
md5_v2=`md5sum $file | awk '{ print $1 }'`
if [ "$md5_v2" != "$md5" ]
then
echo "[ERR] $file -- MD5 CHECKSUM ERROR" >> $INTEGRITY_REPORT
ERROR=`expr $ERROR + 1`
echo -n "e"
else
echo "[ ok] $file -- OK" >> $INTEGRITY_REPORT
echo -n "."
fi
else
echo "[ERR] $file -- FILE MISSING in current target" >> $INTEGRITY_REPORT
ERROR=`expr $ERROR + 1`
echo -n "m"
fi
done
echo " "
if [ $ERROR -gt 0 ]
then
echo "WARNING: Some discrepancies has been found. Check the Integrity report"
else
echo "Everything seems to be OK, no changes detected!"
fi
echo "Done. Report is in $INTEGRITY_REPORT"
exit 0
fi
if [ "$MODE" == "new" ]
then
echo " "
# Begin CREATION of a new Integrity Check File
cat /dev/null > $OUTPUT
echo "#Pandora FMS Integrity Check generated at $HUMANDATE at `hostname` by $USER" >> $OUTPUT
echo "Creating integrity check of Pandora FMS Console files"
for ax in `find /var/www/pandora_console/ -name "*.php" -o -name "*.js" -o -name "*.css" -o -name "*.sql"`
do
bx=`md5sum $ax`
echo $bx >>$OUTPUT
echo -n "."
done
echo " "
echo "Creating integrity check of Pandora FMS server files"
for ax in `find /usr/share/pandora_server/ -type f `
do
bx=`md5sum $ax`
echo $bx >>$OUTPUT
echo -n "."
done
for ax in `find /usr/lib/perl5/PandoraFMS/ -type f`
do
bx=`md5sum $ax`
echo $bx >>$OUTPUT
echo -n "."
done
if [ -d "/usr/lib/perl5/Goliat/" ]
then
for ax in `find /usr/lib/perl5/Goliat/ -type f`
do
bx=`md5sum $ax`
echo $bx >>$OUTPUT
echo -n "."
done
fi
if [ -d "/etc/pandora/" ]
then
for ax in `find /etc/pandora/ -type f`
do
bx=`md5sum $ax`
echo $bx >>$OUTPUT
echo -n "."
done
fi
echo " "
echo "File generated at $OUTPUT"
fi
echo "Finishing witout error"
exit 0
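Review bot: The `new` branch checks that `$2` is a directory but then hashes the hard-coded `/var/www/pandora_console/` in its first `find`, so a console installed anywhere else is silently left out of the catalog; that call should be `find "$CONSOLE_PATH" -type f \( -name "*.php" -o -name "*.js" -o -name "*.css" -o -name "*.sql" \)`. The `check` branch ends in `exit 0` even when `$ERROR` is non-zero, so a cron job or monitoring wrapper cannot tell a modified setup from a clean one; adding `[ "$ERROR" -gt 0 ] && exit 1` just before that line fixes it. Check mode also walks only the entries already in the catalog, so a file added after the catalog was generated is never reported, and because the for-loops over `find` output and the `md5sum $ax` / `md5sum $file` calls are unquoted, any path containing whitespace drops out of the catalog or is flagged as missing. MD5 is collision-prone and the catalog is written unprotected to the working directory, so `sha256sum` plus a read-only or off-host copy of the catalog would make a clean result harder to forge.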