If you have a very static Linux server and you want to make sure it's not messed with, here's a simple script that will tell you if any files have been tampered with. It's not as fancy or as secure as tripwire or those others, but it is very simple. It can be easily adapted to any *NIX OS.
Code:
#!/bin/sh
## How often to run (in seconds)
PERIOD=3600
## Any files or directories that always change, add here.
## Entries are path prefixes, joined below into one grep -E alternation.
EXCLUDE="/proc/ /sys/ /dev/ /var/log /var/run/ /var/lock/ /var/cache/ /var/tmp/ /tmp/ /var/lib/ldap/"
EXCLUDE="$EXCLUDE /var/spool/ /etc/prelink.cache /etc/ld.so.cache /var/lib/logrotate.status /var/lib/slocate/"
EXCLUDE="$EXCLUDE /.*\.viminfo /var/lib/md5sigs"
## Signature database and scratch file; umask 077 keeps both readable by root only.
## NOTE: the database lives on the monitored host, so anyone who gets root can rewrite it.
SIGS=/var/lib/md5sigs
TEMP=/tmp/sigs-$$
umask 077
#
while true; do
    # calculate md5sum of all files not in EXCLUDE
    # turn the space-separated list into ^(/proc/|/sys/|...) ; the sed pattern is
    # "one or more spaces" (two spaces before the star), otherwise empty matches
    # would put a | between every character and the regex would exclude everything
    exclude_re=`echo "^($EXCLUDE)" | sed 's/  */|/g'`
    find / -type f -print 2>/dev/null |
        grep -Ev "$exclude_re" |
        LC_ALL=C sort |
        xargs md5sum 2>/dev/null >$TEMP
    # Compare against existing database (or use this one for new database)
    if test -f $SIGS ;then
        # -w ignores whitespace differences; GNU diff has no -h option
        diff -w $SIGS $TEMP >$TEMP.diff
        if [ -s $TEMP.diff ]; then
            # any added, removed or changed file goes to root; the loop then stops
            mail -s "File scan Report" root <$TEMP.diff
            exit 1
        fi
        rm -f $TEMP $TEMP.diff
    else
        # first run: this scan becomes the baseline
        mv $TEMP $SIGS
        echo "No prior existing report."
    fi
    sleep $PERIOD
done
# Copyright 2009 by Otheus, licensed under GNU v2 Public License
Last edited by otheus; 04-15-2009 at 06:11 AM..
Reason: added umask setting per follow-up posts
secure_sid_scripts(5)          File Formats Manual          secure_sid_scripts(5)

NAME
secure_sid_scripts - controls whether setuid and setgid bits on scripts are honored
VALUES
Failsafe
Default
Allowed values
Recommended values
DESCRIPTION
This tunable controls whether setuid and setgid bits on executable scripts have any effect. Honoring them on scripts makes a system vulnerable to attack by malicious users.
The default value for this variable is 1, indicating that these bits are to be ignored by the execve(2) system call for higher security. The tunable can be set to 0 for compatibility with older releases at the expense of security. Hewlett-Packard strongly recommends that you not change the value of this tunable unless there is an urgent need to do so.
When a script with setuid or setgid bits is executed, the kernel generates the following error message to both the controlling terminal and the system log.
(To view the error message, use dmesg(1M) or inspect
Who is Expected to Change This Tunable?
Administrator.
Restrictions on Changing
Changes to this tunable take effect for new scripts started after the change.
When Should the Value of This Tunable Be Changed?
This tunable controls operational modes rather than data structure sizes and limits. The appropriate setting for a system depends on whether you consider security or compatibility to be most important.
A value of 0 is compatible with previous releases of HP-UX, but it is also less secure.
A value of 1 provides security against race condition attacks exploiting setuid scripts.
What Are the Side Effects of Changing the Value?
This tunable controls only executable scripts (not programs) with the setuid or setgid bit set. HP-UX does not ship with any such scripts. If the customer wishes to use setuid scripts, third party applications such as or can be used. Alternatively, the shell script can be wrapped in a simple C program that runs the shell script with appropriate permissions:
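An added example of that wrapper approach (it is not the program HP's manual printed, and the script path is a hypothetical placeholder): the setuid bit goes on the compiled binary, never on the script; the binary sets its real ids to the effective ones, discards the inherited environment, and execs one fixed absolute path with no caller-supplied arguments, so there is no interpreter re-opening a path that the caller controls.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Hypothetical target script; only the compiled wrapper carries the setuid bit. */
#define SCRIPT_PATH "/usr/local/sbin/nightly-report.sh"

/* Only a fixed PATH reaches the script: nothing inherited (IFS, ENV, LD_*, ...). */
static char *const clean_env[] = { "PATH=/usr/bin:/bin", NULL };

/* Accept only an absolute path with no empty or ".." components, so the target
 * cannot be redirected through the caller's cwd or a relative traversal. */
int path_is_safe(const char *p)
{
    if (p == NULL || p[0] != '/')
        return 0;
    const char *s = p + 1;
    while (*s) {
        const char *e = strchr(s, '/');
        size_t n = e ? (size_t)(e - s) : strlen(s);
        if (n == 0 || (n == 2 && s[0] == '.' && s[1] == '.'))
            return 0;
        if (!e)
            break;
        s = e + 1;
    }
    return 1;
}

/* Exec the fixed script with real ids raised to the effective (setuid) ids and
 * a clean environment. Returns -1 only on failure; on success it never returns. */
int run_wrapped(const char *script)
{
    if (!path_is_safe(script))
        return -1;
    if (setgid(getegid()) != 0 || setuid(geteuid()) != 0)
        return -1;
    char *const argv[] = { (char *)script, NULL };   /* no caller-controlled arguments */
    execve(script, argv, clean_env);
    return -1;                                       /* exec failed, e.g. script missing */
}

int main(void)
{
    if (run_wrapped(SCRIPT_PATH) == -1) {
        perror("wrapper");
        return 1;
    }
    return 0;
}
```

Install the binary root-owned with the setuid bit on it alone (for example chmod 4750) and keep the target script writable by root only, since the wrapper trusts whatever that path contains.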
What Other Tunable Values Should Be Changed at the Same Time?
None.
WARNINGS
None. All HP-UX kernel tunable parameters are release specific. This parameter may be removed or have its meaning changed in future releases of HP-UX.
Installation of optional kernel software, from HP or other vendors, may cause changes to tunable parameter values. After installation, some tunable parameters may no longer be at the default or recommended values. For information about the effects of installation on tunable values, consult the documentation for the kernel software being installed. For information about optional kernel software that was factory installed on your system, see at
FILES

AUTHOR
secure_sid_scripts was developed by HP.
SEE ALSO
chmod(1), execve(2), kctune(1M).
Tunable Kernel Parameters secure_sid_scripts(5)