MD5 change detection script | MyLiteratureTechLife.COM


Irongeek.com wrote a script to detect MD5 changes in the files in your hosting account. Irongeek.com was actually hacked a few months before, and therefore they wrote this script; I believe this script is very helpful for web admins.

You can download this script as a text file by clicking here.

#!/bin/bash
# Irongeek's crappy change detection script. ver. 0.1
# The purpose of this script is to detect file changes. We will make an MD5 
# hash of all the files in a path and look for changes. In theory, the next 
# two lines should be all you have to change (except maybe the find command).
PathToCheck="/home/irongeek/irongeek.com"
SendReportsToThisEmailAddress="irongeek@irongeek.com"
# We will store the results of our recursive hashing so we can compare them
# to new results later. Add a line like this: 
# */10 * * * * /home/irongeek/t/t.sh>/dev/null 2>&1
# to your crontab to run the script every 10 min. "crontab -e" should be the 
# command to do that (and of course leave off the # comment, and chmod +x the 
# script so that it is executable). This next line sets a variable so we know 
# where the script is run from (it CDs into that directory in a subshell to
# resolve the full path). You will need write permissions in this directory.
ScriptDir="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
# These lines just print some running information
echo "Working in directory $ScriptDir"
echo "Checking directory $PathToCheck"
echo "Reports will be sent to $SendReportsToThisEmailAddress"
# The next line finds all the files in the path, but excludes some we don't
# care to check. In my case, some .spc files used to cache some RSS feeds.
# Remove this exclusion, or add more exclusions, as you wish. After find finds
# a file, it runs md5sum on it, and stores the results by redirecting
# standard out into a file.
find "$PathToCheck" -type f \( -not -iname "*.spc" \) -exec md5sum "{}" \; > "$ScriptDir/newout.txt"
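# Assuming this is not the first run, the output of the command above gets 
# compared to the old output of a previous run and the differences redirected 
# into a temp file. On the first run there is no old output yet, so we start
# from an empty one (the first report will then list every file).
[ -f "$ScriptDir/oldout.txt" ] || touch "$ScriptDir/oldout.txt"
diff -C 0 "$ScriptDir/oldout.txt" "$ScriptDir/newout.txt" > "$ScriptDir/difftemp.txt"
# Assuming the file is bigger than 0 bytes, we will go into this if statement.
if [ -s "$ScriptDir/difftemp.txt" ]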
then
	# Yippy, we found some differences in the MD5 hashes, time to generate
	# some output we will eventually send as a warning.
	echo "Got differences, sending email"
	echo "Change Report" > "$ScriptDir/tempoutput.txt"
	echo >> "$ScriptDir/tempoutput.txt"
	# The weird awk and regex below is so we can work with file names with
	# spaces in them. We ls -al each changed file to get things like size,
	# timestamp and permissions, just so there is extra info in the report.
	awk '{fn=substr($0,length($1 $2) + 4);gsub(/ /,"\\ ", fn); print fn}' \
			  "$ScriptDir/difftemp.txt" | grep / | uniq | xargs ls -al \
			  >> "$ScriptDir/tempoutput.txt"
	# Lines like the one below are just to put in an extra linefeed.
	echo >> "$ScriptDir/tempoutput.txt"
	# Let's put the hash differences into the report.
	cat "$ScriptDir/difftemp.txt" >> "$ScriptDir/tempoutput.txt"
	echo >> "$ScriptDir/tempoutput.txt"
	# Now we can pipe it into the mail utility and send it to whom we want.
	cat "$ScriptDir/tempoutput.txt" | mail -s "MD5 Diff $(date)" "$SendReportsToThisEmailAddress"
	# We will also make a running log, >> means append but not overwrite.
	date >> "$ScriptDir/permlog.txt"
	cat "$ScriptDir/tempoutput.txt" >> "$ScriptDir/permlog.txt"
	# We will also make an archived copy of the output, naming it by date.
	cp "$ScriptDir/newout.txt" "$ScriptDir/oldout_$(date +"%Y%m%d%H%M%S").txt"
	# And now the new output becomes the old output for the next time we do
	# MD5 file hash comparisons.
	mv "$ScriptDir/newout.txt" "$ScriptDir/oldout.txt"
else
	# If the file in the if statement is 0 bytes, we end up here, and do 
	# nothing.
	echo "No differences"
fi
# I got a lot of help on writing this script from these pages/posts:
# http://wandzeitung.informations-compagnie.de/2008/07/30/recursive-md5-hashing-with-linux/
# http://bytes.com/topic/unix/answers/647432-renaming-file-append-date
# http://www.cyberciti.biz/faq/find-command-exclude-ignore-files/
# http://www.linuxforums.org/forum/programming-scripting/134529-bash-script-needs-e-mail-output.html
# http://stackoverflow.com/questions/59895/can-a-bash-script-tell-what-directory-its-stored-in
# http://tldp.org/LDP/Bash-Beginners-Guide/html/sect_07_01.html
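
The script above reports changes as a raw `diff` of `md5sum` output, so the reader has to work out from the diff markers whether a file was added, removed or modified. The following is an added example (not Irongeek's code and not part of the original post) that hashes with SHA-256 instead of MD5, sorts the manifest so runs are comparable, handles the first run explicitly and labels each change. The function names, the `baseline.sha256` file name and the report format are assumptions of this example, and the state directory is assumed to sit outside the checked tree.

```shell
#!/bin/bash
# Added example, not Irongeek's code. Function names, the baseline file name
# and the ADDED/MODIFIED/REMOVED report format are assumptions of this sketch.
# Needs GNU find, sort, xargs and sha256sum.

# build_manifest DIR: "hash  ./relative/path" for every file, in a stable order.
build_manifest() {
    ( cd "$1" && find . -type f -print0 | LC_ALL=C sort -z | xargs -0 -r sha256sum )
}

# compare_manifests OLD NEW: classify each path instead of printing a raw diff.
compare_manifests() {
    awk '
        { hash = $1; path = substr($0, length($1) + 3) }  # skip the 2-char separator
        FILENAME == ARGV[1] { old[path] = hash; next }    # safe even if OLD is empty
        !(path in old)      { print "ADDED " path; next }
        old[path] != hash   { print "MODIFIED " path }
                            { seen[path] = 1 }
        END { for (p in old) if (!(p in seen)) print "REMOVED " p }
    ' "$1" "$2" | LC_ALL=C sort
}

# check_tree DIR STATE_DIR: returns 0 if unchanged (or on the first run, when
# the baseline is created), 1 after printing a change report, 2 on error.
check_tree() {
    local dir="$1" state="$2" new report
    new=$(mktemp "$state/manifest.XXXXXX") || return 2
    build_manifest "$dir" > "$new" || { rm -f "$new"; return 2; }
    if [ ! -f "$state/baseline.sha256" ]; then
        mv "$new" "$state/baseline.sha256"
        return 0
    fi
    report=$(compare_manifests "$state/baseline.sha256" "$new")
    mv "$new" "$state/baseline.sha256"   # new manifest becomes the next baseline
    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}

# Cron usage (paths are placeholders): script.sh /path/to/site /path/to/state
if [ "$#" -eq 2 ]; then check_tree "$1" "$2"; fi
```

Because the exit status is 1 only when something changed, the output can be piped to `mail` from cron in the same way as the original script does.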
Apr 18, 2012