#!/bin/bash

# Pandora FMS Integrity Check v1.0
# (c) 2014 Pandora FMS Team
#
# This script is used to generate an MD5 hash of each relevant file
# in a Pandora FMS installation, including server and console files. It
# supports a mode to "check" using the output of a previous execution.

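# Take ONE timestamp and derive everything from it, so the time written in
# the file header and the time embedded in the output file name always agree
# (separate `date` calls can straddle a second boundary).
# HUMANDATE is day-month-year followed by the epoch seconds; UNIXTIME is that
# trailing epoch field.
HUMANDATE=$(date +%d-%m-%y-%s)
UNIXTIME=${HUMANDATE##*-}
# Default output file of "new" mode. The name is relative, so the file is
# created in whatever directory the script is started from.
OUTPUT="integrity_check_${HUMANDATE}.data"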

# Startup banner. It is printed before the arguments are examined, so it
# also precedes the usage text and any error message.
printf '%s\n' \
	"Pandora FMS Integrity Check tool v1.0" \
	"(c) Pandora FMS Development Team 2014-2015" \
	" "

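# Argument gate: every mode needs the mode word plus at least one path.
# The synopsis is given per mode because the positional arguments do not
# mean the same thing everywhere: "compare" takes two integrity files in
# $2/$3 and no console path, while "new"/"check" take the console path in $2.
if [ $# -lt 2 ]
then
	echo "Syntax:"
	echo " "
	echo "  ${0##*/} new <path_to_console>"
	echo "  ${0##*/} check <path_to_console> <path_to_integrity_file>"
	echo "  ${0##*/} compare <path_to_integrity_file> <path_to_integrity_file_2>"
	echo " "
	echo "  If mode 'check' is selected, it will require an integrity file (generated by this tool) to check it against current setup. If mode 'compare' is selected, it will require two integrity files, and will report differences between them"
	echo " "
	# 255 is the status bash reports for "exit -1"; spelled out explicitly.
	exit 255
fi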

# Positional arguments. $1 selects the mode; $2 and $3 are read here as
# console path and integrity file (the "compare" branch re-reads the same
# two positions as a pair of integrity files).
MODE="${1}"
CONSOLE_PATH="${2}"
INTEGRITY_FILE="${3}"
# The check report is written next to the integrity file it was built from.
INTEGRITY_REPORT="${INTEGRITY_FILE}.report"
# Discrepancy counter incremented by "check" mode.
ERROR=0

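# Reject anything that is not a known mode. Without this, a mistyped mode
# (with a valid directory in $2) matches none of the mode branches and the
# script ends with its success message and status 0 without having verified
# anything -- a false "all clear" for whoever scheduled the run.
case "$MODE" in
	new|check|compare) ;;
	*)
		echo "Error: Unknown mode '$MODE' (expected new, check or compare)"
		exit 255
		;;
esac

# "new" and "check" need an existing console directory in $2; "compare"
# receives an integrity file in that position instead, so it is exempt.
if [ "$MODE" != "compare" ] && [ ! -d "$CONSOLE_PATH" ]
then
	echo "Error: Console path doesn't exist"
	exit 255
fi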

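# "compare" mode: report entries of the first integrity file that are
# missing from, or carry a different MD5 in, the second integrity file.
if [ "$MODE" == "compare" ]
then
	# In this mode $2 and $3 are two integrity files (no console path).
	FILE1=$2
	FILE2=$3

	if [ ! -f "$FILE1" ] || [ ! -f "$FILE2" ]
	then
		echo "Error, at least one of the integrity files provided not found"
		exit 255
	fi

	# NOTE(review): the comparison is one-directional. Only paths listed in
	# FILE1 are looked up in FILE2, so a path that appears only in FILE2 (a
	# file added after FILE1 was taken) is never reported. The script also
	# still ends with status 0 when [MISS]/[DIFF] lines were printed, so
	# automation has to read the output rather than the exit code.
	SPINNER='|/-\'
	COUNTER=0
	while IFS= read -r a || [ -n "$a" ]
	do
		# Skip "#..." header lines and blank lines.
		case "$a" in
			'#'*|'') continue ;;
		esac

		# Progress spinner: a backspace followed by the next of | / - \
		printf '\b%s' "${SPINNER:COUNTER:1}"
		COUNTER=$(( (COUNTER + 1) % 4 ))

		# Line format is "<md5> <path>". The path is everything after the
		# first field, so paths containing spaces stay intact.
		IFS=$' \t' read -r M1 F1 <<< "$a"
		[ -n "$M1" ] || continue

		# Look the path up by exact string equality. Using the path as a
		# grep pattern would let regex metacharacters (the "." in ".php")
		# and suffix matches pair this entry with a different file and
		# hide a missing or changed one. The path travels through the
		# environment so awk does not interpret backslashes in it.
		M2=$(LOOKUP_PATH="$F1" awk '
			/^#/ { next }
			{
				path = $0
				sub(/^[ \t]*[^ \t]+[ \t]+/, "", path)
				sub(/[ \t]+$/, "", path)
				if (path == ENVIRON["LOOKUP_PATH"]) { print $1; exit }
			}
		' "$FILE2")

		if [ -z "$M2" ]
		then
			echo " "
			echo "[MISS] $F1 is not present in $FILE2"
		elif [ "$M2" != "$M1" ]
		then
			echo " "
			echo "[DIFF] $F1 has changed"
		fi
	done < "$FILE1"

fi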

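# "check" mode: re-hash every path listed in the integrity file and write a
# per-file verdict to "$INTEGRITY_REPORT".
if [ "$MODE" == "check" ]
then
	if [ ! -f "$INTEGRITY_FILE" ]
	then
		echo "Error: Integrity file to check not found"
		exit 255
	fi

	# NOTE(review), limits of this check:
	#  - Only paths listed in the integrity file are examined (the console
	#    path in $2 is not walked here), so files created after the baseline
	#    was taken are not reported.
	#  - The verdict is only as trustworthy as the integrity file itself;
	#    keep the baseline where an account able to modify the monitored
	#    files cannot rewrite it.
	#  - The exit status is 0 even when discrepancies are found; automation
	#    has to read the report or the WARNING line.
	# The report is truncated and rewritten on every run.
	echo "#Pandora FMS Integrity Check REPORT generated at $HUMANDATE at $(hostname) by $USER" > "$INTEGRITY_REPORT"
	echo "Checking file integrity in $INTEGRITY_FILE."

	while IFS= read -r ax || [ -n "$ax" ]
	do
		# Skip "#..." header lines and blank lines.
		case "$ax" in
			'#'*|'') continue ;;
		esac

		# "<md5> <path>": the path is the remainder of the line, so paths
		# with spaces are checked as a whole and never glob-expanded.
		IFS=$' \t' read -r md5 file <<< "$ax"

		if [ -f "$file" ]
		then
			# Hash via stdin so the file name never reaches md5sum's
			# option or output parsing. An unreadable file yields an
			# empty hash and is therefore reported as a mismatch.
			md5_v2=$(md5sum < "$file")
			md5_v2=${md5_v2%% *}
			if [ "$md5_v2" != "$md5" ]
			then
				echo "[ERR] $file -- MD5 CHECKSUM ERROR" >> "$INTEGRITY_REPORT"
				ERROR=$(( ERROR + 1 ))
				printf 'e'
			else
				echo "[ ok] $file -- OK" >> "$INTEGRITY_REPORT"
				printf '.'
			fi
		else
			echo "[ERR] $file -- FILE MISSING in current target" >> "$INTEGRITY_REPORT"
			ERROR=$(( ERROR + 1 ))
			printf 'm'
		fi
	done < "$INTEGRITY_FILE"
	echo " "
	if [ "${ERROR:-0}" -gt 0 ]
	then
		echo "WARNING: Some discrepancies has been found. Check the Integrity report"
	else
		echo "Everything seems to be OK, no changes detected!"
	fi

	echo "Done. Report is in $INTEGRITY_REPORT"
	exit 0
fi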

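# "new" mode: build a fresh integrity file ("<md5> <path>" per line) covering
# the console tree and the Pandora FMS server directories.
if [ "$MODE" == "new" ]
then

	echo " "
	# Begin CREATION of a new Integrity Check File

	# NOTE(review), what this baseline does and does not give you:
	#  - Under the console path only *.php, *.js, *.css and *.sql files are
	#    recorded; files with any other extension are not covered.
	#  - "$OUTPUT" is created in the current directory. Store the finished
	#    file where an account able to modify the monitored files cannot
	#    rewrite it, otherwise a later "check" proves nothing.
	#  - MD5 spots accidental or unsophisticated changes but is not
	#    collision-resistant; the format is kept so existing integrity
	#    files stay usable.

	# Reads NUL-delimited paths on stdin and appends one "<md5> <path>" line
	# per file to "$OUTPUT", printing a progress dot for each path.
	_integrity_hash_paths() {
		local path sum
		while IFS= read -r -d '' path
		do
			# The line-oriented format cannot represent such a name.
			case "$path" in
				*$'\n'*)
					echo "Warning: skipping path containing a newline: $path" >&2
					continue
					;;
			esac
			# Hash via stdin: the name is never word-split, glob-expanded
			# or parsed as an md5sum option.
			if sum=$(md5sum < "$path")
			then
				printf '%s %s\n' "${sum%% *}" "$path" >> "$OUTPUT"
			else
				# Say so instead of silently leaving a gap in the baseline.
				echo "Warning: could not hash $path, not recorded" >&2
			fi
			printf '.'
		done
	}

	echo "#Pandora FMS Integrity Check generated at $HUMANDATE at $(hostname) by $USER" > "$OUTPUT"
	echo "Creating integrity check of Pandora FMS Console files"
	# Directories whose name happens to match a pattern are excluded; the
	# name tests are grouped so the type test applies to all of them.
	find "$CONSOLE_PATH" ! -type d \
		\( -name "*.php" -o -name "*.js" -o -name "*.css" -o -name "*.sql" \) \
		-print0 | _integrity_hash_paths
	echo " "
	echo "Creating integrity check of Pandora FMS server files"
	# Server code directories: warn when one is absent so the operator knows
	# the baseline does not cover it.
	for dir in /usr/share/pandora_server/ /usr/lib/perl5/PandoraFMS/
	do
		if [ -d "$dir" ]
		then
			find "$dir" -type f -print0 | _integrity_hash_paths
		else
			echo "Warning: $dir not found, not included in the integrity file" >&2
		fi
	done

	# Optional directories: included only when present.
	for dir in /usr/lib/perl5/Goliat/ /etc/pandora/
	do
		if [ -d "$dir" ]
		then
			find "$dir" -type f -print0 | _integrity_hash_paths
		fi
	done
	echo " "
	echo "File generated at $OUTPUT"
fi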


# Reached only when no earlier branch has already exited; reports success.
printf '%s\n' "Finishing witout error"
exit 0