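#!/bin/bash
# Pandora FMS Integrity Check v1.0
# (c) 2014 Pandora FMS Team
#
# Generates an MD5 hash of each relevant file of a Pandora FMS installation
# (server and console files) and can verify the result of an earlier run.
#
# Modes (first argument):
#   new     $2 = console path
#           Writes a baseline to ./integrity_check_<date>.data.
#   check   $2 = console path, $3 = baseline file
#           Re-hashes every path listed in the baseline and writes
#           <baseline>.report.
#   compare $2 = baseline A, $3 = baseline B
#           Reports entries of A that are missing from, or differ in, B.
#
# Limits a reviewer should keep in mind:
#   * "check" only re-hashes paths that are listed in the baseline, so a file
#     ADDED after the baseline was taken is not reported. To see additions,
#     take a fresh baseline with "new" and run "compare" with the fresh file
#     as the first argument and the old baseline as the second.
#   * "new" records only *.php, *.js, *.css and *.sql below the console path;
#     other file types there are outside the baseline.
#   * MD5 is not collision resistant. It is kept because existing baseline
#     files use it. The baseline and the report are plain, unauthenticated
#     files: store them where the monitored account cannot rewrite them.
#   * "check" exits 0 even when discrepancies were found (long-standing
#     behaviour); callers must read the report or the WARNING line.
#     NOTE(review): consider a non-zero status once callers are audited.

set -u

HUMANDATE=$(date +%d-%m-%y-%s)
OUTPUT="integrity_check_${HUMANDATE}.data"

# Print a message on stdout (where this tool has always reported errors)
# and stop with status 255, the value the former "exit -1" produced.
die() {
  printf '%s\n' "$*"
  exit 255
}

# Print the syntax help and stop with status 255.
usage() {
  echo "Syntax:"
  echo " "
  echo "integrity_chech new|check|compare [] [] []"
  echo " "
  echo " If mode 'check' is selected, it will require a integrity file (generated by this tool) to check it against current setup. If mode 'compare' is selected, it wil require two integrity files, and will report differences between them"
  echo " "
  exit 255
}

# Print the MD5 digest of file $1. The file is fed on stdin so that its name
# is never parsed as an option and never escaped in md5sum's output.
# Returns non-zero when the file cannot be read.
md5_of() {
  local digest
  digest=$(md5sum < "$1") || return 1
  printf '%s\n' "${digest%% *}"
}

# Append "digest path" lines to $OUTPUT for every file find reports.
# Arguments are handed to find unchanged (start directory, then tests).
# Paths are read NUL-delimited so blanks in file names survive.
append_hashes() {
  local path digest
  while IFS= read -r -d '' path; do
    case $path in
      *$'\n'*)
        # One entry per line: such a name cannot be stored faithfully.
        printf 'Skipping %q: newline in file name\n' "$path" >&2
        continue
        ;;
    esac
    # md5sum already reported the reason on stderr when this fails.
    digest=$(md5_of "$path") || continue
    printf '%s %s\n' "$digest" "$path" >> "$OUTPUT"
    printf '.'
  done < <(find "$@" -print0)
}

# compare mode: report entries of baseline $1 that are absent from or
# different in baseline $2.
run_compare() {
  local first=$1 second=$2
  if [ ! -f "$first" ] || [ ! -f "$second" ]; then
    die "Error, at least one of the integrity files provided not found"
  fi
  # One awk pass replaces a grep per entry. The old lookup used the path as a
  # regular expression anchored only at the end of the line, so "." matched
  # any character and /a/x.php also matched /b/a/x.php; here the path is an
  # exact array key. The files are passed as descriptors so that a name
  # containing "=" is not taken for an awk assignment and an empty second
  # file is still told apart from the first. The interactive spinner of the
  # old loop is gone: it wrote backspaces into redirected output.
  SECOND_NAME=$second awk '
    /^#/    { next }
    NF == 0 { next }
    {
      # Appending "" forces string comparison of all-digit digests.
      digest = $1 ""
      path = $0
      sub(/^[ \t]*[^ \t]+[ \t]*/, "", path)
    }
    FILENAME == "/dev/fd/3" { known[path] = digest; next }
    !(path in known) {
      printf " \n[MISS] %s is not present in %s\n", path, ENVIRON["SECOND_NAME"]
      next
    }
    known[path] != digest {
      printf " \n[DIFF] %s has changed\n", path
    }
  ' /dev/fd/3 /dev/fd/4 3< "$second" 4< "$first"
}

# check mode: re-hash every path listed in baseline $1 and write the result
# to $1.report. Always exits 0 (see the header note).
run_check() {
  local baseline=$1
  local report=$baseline.report
  local line expected path actual errors=0

  [ -f "$baseline" ] || die "Error: Integrity file to check not found"

  # The report lands next to the baseline; that directory must not be
  # writable by the account whose files are being verified.
  printf '%s\n' "#Pandora FMS Integrity Check REPORT generated at $HUMANDATE at $(hostname) by ${USER:-}" \
    > "$report" || die "Error: cannot write $report"

  echo "Checking file integrity in $baseline."
  while IFS= read -r line || [ -n "$line" ]; do
    case $line in
      '#'* | '') continue ;;
    esac
    # First word is the digest, the remainder of the line is the path.
    read -r expected path <<< "$line"
    if [ -f "$path" ]; then
      # An unreadable file yields an empty digest and is reported as changed.
      actual=$(md5_of "$path") || actual=
      if [ "$actual" != "$expected" ]; then
        echo "[ERR] $path -- MD5 CHECKSUM ERROR" >> "$report"
        errors=$((errors + 1))
        printf 'e'
      else
        echo "[ ok] $path -- OK" >> "$report"
        printf '.'
      fi
    else
      echo "[ERR] $path -- FILE MISSING in current target" >> "$report"
      errors=$((errors + 1))
      printf 'm'
    fi
  done < "$baseline"

  echo " "
  if [ "$errors" -gt 0 ]; then
    echo "WARNING: Some discrepancies has been found. Check the Integrity report"
  else
    echo "Everything seems to be OK, no changes detected!"
  fi
  echo "Done. Report is in $report"
  exit 0
}

# new mode: write a fresh baseline for console path $1 plus the server files.
run_new() {
  local console_path=$1

  echo " "
  printf '%s\n' "#Pandora FMS Integrity Check generated at $HUMANDATE at $(hostname) by ${USER:-}" \
    > "$OUTPUT" || die "Error: cannot write $OUTPUT"

  echo "Creating integrity check of Pandora FMS Console files"
  # -type f and the grouping keep directories whose name matches a pattern
  # out of the list.
  append_hashes "$console_path" -type f \
    \( -name '*.php' -o -name '*.js' -o -name '*.css' -o -name '*.sql' \)
  echo " "

  echo "Creating integrity check of Pandora FMS server files"
  append_hashes /usr/share/pandora_server/ -type f
  append_hashes /usr/lib/perl5/PandoraFMS/ -type f
  if [ -d "/usr/lib/perl5/Goliat/" ]; then
    append_hashes /usr/lib/perl5/Goliat/ -type f
  fi
  if [ -d "/etc/pandora/" ]; then
    append_hashes /etc/pandora/ -type f
  fi

  echo " "
  echo "File generated at $OUTPUT"
}

echo "Pandora FMS Integrity Check tool v1.0"
echo "(c) Pandora FMS Development Team 2014"
echo " "

if [ $# -lt 2 ]; then
  usage
fi

MODE=$1

case $MODE in
  compare)
    run_compare "$2" "${3:-}"
    ;;
  check)
    [ -d "$2" ] || die "Error: Console path doesn't exist"
    run_check "${3:-}"
    ;;
  new)
    [ -d "$2" ] || die "Error: Console path doesn't exist"
    run_new "$2"
    ;;
  *)
    # An unknown mode used to fall through and report success.
    usage
    ;;
esac

echo "Finishing witout error"
exit 0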