Added a new tool that generates a hash catalog to verify that a Pandora FMS setup has not been altered, providing a simple integrity check of the libraries, configuration files and sources of the console, server and agent.
parent
a68622b558
commit
ff0f2d5256
|
@ -0,0 +1,151 @@
|
|||
#!/bin/bash
|
||||
|
||||
# Pandora FMS Integrity Check v1.0
|
||||
# (c) 2014 Pandora FMS Team
|
||||
#
|
||||
# This script is used to generate a MD5 hash of each relevant file
|
||||
# in a Pandora FMS, including server and console files. It supports
|
||||
# a mode to "check" using the output of a previous execution.
|
||||
|
||||
UNIXTIME=`date +%s`
|
||||
HUMANDATE=`date +%d-%m-%y-%s`
|
||||
OUTPUT=integrity_check_`date +%d-%m-%y-%s`.data
|
||||
|
||||
echo "Pandora FMS Integrity Check tool v1.0"
|
||||
echo "(c) Pandora FMS Development Team 2014"
|
||||
echo " "
|
||||
|
||||
if [ $# -lt 2 ]
|
||||
then
|
||||
echo "Syntax:"
|
||||
echo " "
|
||||
echo "integrity_chech new|check <path_to_console> [<path_to_integrity_file]>"
|
||||
echo " "
|
||||
echo " If mode 'check' is selected, it will require a integrity file (generated by this tool) to check it against current setup"
|
||||
echo " "
|
||||
exit -1
|
||||
fi
|
||||
|
||||
CONSOLE_PATH=$2
|
||||
INTEGRITY_FILE=$3
|
||||
INTEGRITY_REPORT=$INTEGRITY_FILE.report
|
||||
MODE=$1
|
||||
ERROR=0
|
||||
|
||||
if [ ! -d "$CONSOLE_PATH" ]
|
||||
then
|
||||
echo "Error: Console path doesn't exist"
|
||||
exit -1
|
||||
fi
|
||||
|
||||
if [ "$MODE" == "check" ]
|
||||
then
|
||||
if [ ! -f "$INTEGRITY_FILE" ]
|
||||
then
|
||||
echo "Error: Integrity file to check not found"
|
||||
exit -1
|
||||
fi
|
||||
|
||||
IFS="
|
||||
"
|
||||
|
||||
cat /dev/null > $INTEGRITY_REPORT
|
||||
echo "#Pandora FMS Integrity Check REPORT generated at $HUMANDATE at `hostname` by $USER" >> $INTEGRITY_REPORT
|
||||
echo "Checking file integrity in $INTEGRITY_FILE."
|
||||
|
||||
for ax in `cat $INTEGRITY_FILE | grep -v "^#"`
|
||||
do
|
||||
|
||||
md5=`echo $ax | awk '{ print $1 }'`
|
||||
file=`echo $ax | awk '{ print $2 }'`
|
||||
|
||||
if [ -f "$file" ]
|
||||
then
|
||||
md5_v2=`md5sum $file | awk '{ print $1 }'`
|
||||
if [ "$md5_v2" != "$md5" ]
|
||||
then
|
||||
echo "[ERR] $file -- MD5 CHECKSUM ERROR" >> $INTEGRITY_REPORT
|
||||
ERROR=`expr $ERROR + 1`
|
||||
echo -n "e"
|
||||
else
|
||||
echo "[ ok] $file -- OK" >> $INTEGRITY_REPORT
|
||||
echo -n "."
|
||||
fi
|
||||
else
|
||||
echo "[ERR] $file -- FILE MISSING in current target" >> $INTEGRITY_REPORT
|
||||
ERROR=`expr $ERROR + 1`
|
||||
echo -n "m"
|
||||
fi
|
||||
done
|
||||
echo " "
|
||||
if [ $ERROR -gt 0 ]
|
||||
then
|
||||
echo "WARNING: Some discrepancies has been found. Check the Integrity report"
|
||||
else
|
||||
echo "Everything seems to be OK, no changes detected!"
|
||||
fi
|
||||
|
||||
echo "Done. Report is in $INTEGRITY_REPORT"
|
||||
exit 0
|
||||
fi
|
||||
|
||||
if [ "$MODE" == "new" ]
|
||||
then
|
||||
|
||||
echo " "
|
||||
# Begin CREATION of a new Integrity Check File
|
||||
|
||||
cat /dev/null > $OUTPUT
|
||||
echo "#Pandora FMS Integrity Check generated at $HUMANDATE at `hostname` by $USER" >> $OUTPUT
|
||||
echo "Creating integrity check of Pandora FMS Console files"
|
||||
for ax in `find /var/www/pandora_console/ -name "*.php" -o -name "*.js" -o -name "*.css" -o -name "*.sql"`
|
||||
do
|
||||
bx=`md5sum $ax`
|
||||
echo $bx >>$OUTPUT
|
||||
echo -n "."
|
||||
done
|
||||
echo " "
|
||||
echo "Creating integrity check of Pandora FMS server files"
|
||||
for ax in `find /usr/share/pandora_server/ -type f `
|
||||
do
|
||||
bx=`md5sum $ax`
|
||||
echo $bx >>$OUTPUT
|
||||
echo -n "."
|
||||
done
|
||||
|
||||
for ax in `find /usr/lib/perl5/PandoraFMS/ -type f`
|
||||
do
|
||||
bx=`md5sum $ax`
|
||||
echo $bx >>$OUTPUT
|
||||
echo -n "."
|
||||
done
|
||||
|
||||
if [ -d "/usr/lib/perl5/Goliat/" ]
|
||||
then
|
||||
for ax in `find /usr/lib/perl5/Goliat/ -type f`
|
||||
do
|
||||
bx=`md5sum $ax`
|
||||
echo $bx >>$OUTPUT
|
||||
echo -n "."
|
||||
done
|
||||
fi
|
||||
|
||||
if [ -d "/etc/pandora/" ]
|
||||
then
|
||||
for ax in `find /etc/pandora/ -type f`
|
||||
do
|
||||
bx=`md5sum $ax`
|
||||
echo $bx >>$OUTPUT
|
||||
echo -n "."
|
||||
done
|
||||
fi
|
||||
echo " "
|
||||
echo "File generated at $OUTPUT"
|
||||
fi
|
||||
|
||||
|
||||
echo "Finishing witout error"
|
||||
exit 0
|
||||
|
||||
|
||||
|
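Review bot: Check mode ends with `exit 0` even when `$ERROR` is non-zero, so a scheduled run or monitoring wrapper cannot tell an altered install from a clean one; after the summary it should return a failure status, e.g. `[ "$ERROR" -gt 0 ] && exit 1`. The `new` branch hashes the hard-coded `/var/www/pandora_console/` instead of the `$CONSOLE_PATH` validated earlier, so a console installed elsewhere yields a catalog that silently omits it; `find "$CONSOLE_PATH" -type f \( -name "*.php" -o -name "*.js" -o -name "*.css" -o -name "*.sql" \)` would cover it. The check loop walks only the entries already in the catalog, so a file added after the catalog was generated is never reported, and `awk '{ print $2 }'` together with the unquoted `$file` truncates any path containing a space, which then shows up as missing. MD5 with an unsigned catalog written to the current directory is weak against deliberate tampering: `sha256sum` is a drop-in replacement for `md5sum` here, and the catalog should be stored where the monitored host cannot rewrite it.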