Shulou(Shulou.com)06/01 Report--

How to use the detection method of MD5 and shell script to realize the file integrity test of linux system. In view of this problem, this article introduces the corresponding analysis and solution in detail, hoping to help more partners who want to solve this problem to find a more simple and feasible method.

Today, I found a shell script that can check the integrity of system files. I tried it myself and introduced it to you.

System: centos 5.x

The script without Chinese is as follows:

Click (here) to collapse or open

#! / bin/bash

Shopt-s-o nounset

Date=$ (date +'% Y% m% d% H% M% S')

Dirs= "/ bin / sbin / usr/bin / usr/sbin / lib / usr/local/sbin / usr/local/bin / usr/local/lib"

TMP_file=$ (mktemp / tmp/check.XXXXXX)

FP= "/ root/fp.$Date.chksum"

Checker= "/ usr/bin/md5sum"

Find= "/ usr/bin/find"

Scan_file () {

Local f

For f in $Dirs

Do

$Find $f-type f > > $TMP_file

Done

}

Cr_checksum_list () {

Local f

If [- f $TMP_file]; then

For f in $(cat $TMP_file)

Do

$Checker $f > > $FP

Done

Fi

}

RmTMP () {

[- f $TMP_file] & & rm-rf $TMP_file

}

Scan_file

Cr_checksum_list

RmTMP

After execution, you just get a text, and now officially test it.

Script execution:

[root@node3 ~] # sh my_filecheck.sh

To verify:

Md5sum-c fp.20141205160628.chksum

If all OK, the word OK will be displayed. If there is a problem, the corresponding error will be reported, as follows:

[root@node3 ~] # md5sum-c fp.20141205160628.chksum | grep-v "OK"

Md5sum: / usr/bin/chattr: No such file or directory

/ usr/bin/chattr: FAILED open or read

Md5sum: WARNING: 1 of 8267 listed files could not be read

I rewrote the script myself, adding verification statements and output error reports, and the end shows:

/ usr/local/bin/dbhome: OK

/ usr/local/bin/oraenv: OK

2018011017 echo error

2018011017 finsh

Between 2018011017 echo error and 2018011017 finsh, an error is displayed. If there is no content, there is no error.

To use a directory, you need to create it in advance

Mkdir / root/scripts/log bin tmp

The complete script is as follows (the time is changed to accurate to hours):

#! / bin/bash

Source / etc/profile

Shopt-s-o nounset

Date=$ (date +'% Y% m% d% H')

Dirs= "/ bin / sbin / usr/bin / usr/sbin / lib / usr/local/sbin / usr/local/bin / usr/local/lib"

TMP_file=$ (mktemp / tmp/check.XXXXXX)

FP= "/ root/fp.$Date.chksum"

Checker= "/ usr/bin/md5sum"

Find= "/ usr/bin/find"

Scan_file () {

Local f

For f in $Dirs

Do

$Find $f-type f > > $TMP_file

Done

}

Cr_checksum_list () {

Local f

If [- f $TMP_file]; then

For f in $(cat $TMP_file)

Do

$Checker $f > > $FP

Done

Fi

}

RmTMP () {

[- f $TMP_file] & & rm-rf $TMP_file

}

Scan_file

Cr_checksum_list

RmTMP

Date=$ (date +'% Y% m% d% H')

FP= "/ root/fp.$Date.chksum"

Md5sum-c $FP > / root/scripts/log/$Date.log

Echo $Date "echo error" > > / root/scripts/log/$Date.log

Md5sum-c $FP | grep-v "OK" > > / root/scripts/log/$Date.log

Echo $Date "finsh" > > / root/scripts/log/$Date.log

Do not look at the following:

The code is explained as follows:

Cat my_filecheck.sh

#! / bin/bash

#

# variables must be declared before they can be used

Shopt-s-o nounset

# Declaration

# date of establishment

Date=$ (date +'% Y% m% d% H% M% S')

# add the directory to the audit #

Dirs= "/ bin / sbin / usr/bin / usr/sbin / lib / usr/local/sbin / usr/local/bin / usr/local/lib"

# temporary files #

TMP_file=$ (mktemp / tmp/check.XXXXXX)

# File checksum Storage File

FP= "/ root/fp.$Date.chksum"

# which checksum tool to use

Checker= "/ usr/bin/md5sum"

Find= "/ usr/bin/find"

# function area #

Scan_file () {

Local f

For f in $Dirs

Do

$Find $f-type f > > $TMP_file

Done

}

# read files and establish checksum values for each file

Cr_checksum_list () {

Local f

If [- f $TMP_file]; then

For f in $(cat $TMP_file)

Do

$Checker $f > > $FP

Done

Fi

}

RmTMP () {

[- f $TMP_file] & & rm-rf $TMP_file

}

# main program area

# scan list

Scan_file

# create the checksum value of the file

Cr_checksum_list

# cleaning up temporary files

RmTMP

Execute the script:

. / my_filecheck.sh

To verify:

Md5sum-c fp.20141205160628.chksum

It is as follows:

Md5sum-c fp.20141209202544.chksum

/ bin/gawk: OK

/ bin/igawk: OK

/ bin/ln: OK

/ bin/loadkeys: OK

/ bin/gzip: OK

/ bin/mkdir: OK

/ bin/date: OK

/ bin/cat: OK

/ bin/mountpoint: OK

/ bin/taskset: OK

/ bin/umount: OK

/ bin/mount: OK

/ bin/doexec: OK

/ bin/kill: OK

/ bin/sync: OK

/ bin/unicode_start: OK

/ bin/usleep: OK

/ bin/mknod: OK

/ bin/setserial: OK

/ bin/cp: OK

/ bin/mktemp: OK

/ bin/setfont: OK

/ bin/unicode_stop: OK

.

/ lib/modules/2.6.18-194.el5PAE/kernel/crypto/cast5.ko: OK

/ lib/modules/2.6.18-194.el5PAE/kernel/crypto/crypto_blkcipher.ko: OK

/ lib/modules/2.6.18-194.el5PAE/kernel/crypto/twofish.ko: OK

/ lib/modules/2.6.18-194.el5PAE/kernel/crypto/authenc.ko: OK

/ lib/modules/2.6.18-194.el5PAE/kernel/crypto/cbc.ko: OK

/ lib/modules/2.6.18-194.el5PAE/kernel/crypto/crypto_hash.ko: OK

/ lib/modules/2.6.18-194.el5PAE/kernel/crypto/seqiv.ko: OK

/ lib/libproc-3.2.7.so: OK

/ lib/libacl.so.1.1.0: OK

/ lib/libauparse.so.0.0.0: OK

/ lib/libdmraid.so.1.0.0.rc13-17: OK

/ lib/libvolume_id.so.0.66.0: OK

/ lib/libgobject-2.0.so.0.1200.3: OK

/ lib/libnss_compat-2.5.so: OK

/ lib/rtkaio/i686/nosegneg/librtkaio-2.5.so: OK

/ lib/rtkaio/librtkaio-2.5.so: OK

/ lib/libdmraid-events-isw.so.1.0.0.rc13: OK

/ lib/libdevmapper-event-lvm2snapshot.so.2.02: OK

/ lib/libblkid.so.1.0: OK

/ lib/libdb-4.3.so: OK

/ lib/libSegFault.so: OK

/ lib/libiw.so.28: OK

/ lib/libdmraid-events-isw.so.1.0.0.rc13-17: OK

You can see a lot of OK.

If you only want to see errors, you can use the following command:

The code is as follows:

Md5sum-c fp.20141209202544.chksum | grep-v "OK"

There is nothing wrong with my system, so there is no way to give you the results.

On how to use MD5 detection methods and shell scripts to achieve linux system file integrity testing questions are shared here, I hope the above content can be of some help to you, if you still have a lot of doubts have not been solved, you can follow the industry information channel for more related knowledge.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.