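#!/usr/bin/perl
########################################################
#
# This script is intended to provide a means for
# detecting changes made to files, via a regular
# comparison of MD5 hashes to an established
# "baseline". In this respect, it vaguely resembles
# the Tripwire product, hence the name.
#
#
# This script requires perl (duh), Berkeley DBM support
# and the md5 command, which is a standard part of the
# FreeBSD loadout. I'll probably replace this dependency
# with the perl MD5 module shortly.
#
########################################################
########################################################
#
# Usage:
#
# ./slipwire [options] [hashfilename] [file_list]|file1 file2 file3...
#
# The options are as follows:
#
# -create     Initialize database file
#
# -compare    Compare MD5 hashes to
#             baseline configuration
#
# -only       Index only the filenames given,
#             ie, don't use a list of files.
#
#
# hashfilename is the name of the Berkeley DBM file created
# for storing the filenames and MD5 hashes.
#
# file_list is a text file containing a list of
# paths that you want to index.
#
#
# example:
#
# slipwire.pl -create foo.dbm dir_list.txt
#
# ...creates foo.dbm and recursively generates
# entries and MD5 hashes for all directories listed
# in dir_list.txt, which is an ascii file containing
# one path per line
#
# slipwire.pl -only foo.dbm file1 file2 file3 file4
# ...creates foo.dbm but only indexes file1, file2,
# file3 and file4.
#
# slipwire.pl -compare foo.dbm dir_list.txt
# ...checks the MD5 hashes of the files in
# dir_list.txt against the current entries
# in foo.dbm, alerting you to changes.
#
# slipwire.pl -compare foo.dbm file1 file2 file3 file4
# ...checks the MD5 hashes of file1, file2,file3, file4
#
# There isn't much in the way of error-checking in this
# yet, but I thought that this might be useful to someone
# even in its current form. I'm still working on it.
#
# This script can be redistributed under the same terms
# as perl itself.
#
# Cheers,
#
# James Quinby
# jquinby@node.to
#
#######################################################
#######################################################
#
# Review notes:
#
# * -compare re-hashes every entry stored in the database.
#   The file_list / file arguments shown in the examples
#   above are not read in that mode.
# * File names are handed to find and md5 as separate
#   arguments and never through a shell, so a name holding
#   spaces, quotes, ";" or "$(...)" is treated as data.
#   One line of file_list is therefore exactly one path.
# * The baseline is only as trustworthy as its storage.
#   It lives on the monitored host and root can rewrite it,
#   so keep a copy on read-only or offline media and compare
#   against that copy.
# * MD5 is not collision resistant. It detects accidental
#   or unsophisticated changes; use a stronger digest where
#   deliberate tampering is in scope.
#
#######################################################

use strict;
use warnings;

use DB_File;
use Fcntl;
use FileHandle;

# Absolute path, so that a modified PATH in root's environment cannot
# substitute a different md5 binary. This is the path the original
# -create mode already used.
use constant MD5_CMD => '/sbin/md5';

# Check the effective UID rather than $ENV{USER}: the environment
# variable is set by the caller and need not match the real identity.
if ($> != 0) {
    print "\nSorry, you must be root to run this program.\n\n";
    exit 1;
}

# The option is matched unanchored, as before, so "--create" still works.
my $mode = defined $ARGV[0] ? $ARGV[0] : '';

if ($mode =~ /-create/) {
    create();
}
elsif ($mode =~ /-compare/) {
    compare();
}
elsif ($mode =~ /-only/) {
    only();
}
else {
    usage();
}
exit;

# Return the hex MD5 digest of $path as printed by "md5 -q", or the
# empty string when the file cannot be hashed (missing, unreadable).
sub _md5_of {
    my ($path) = @_;

    # A leading "-" would be parsed by md5 as an option.
    my $arg = $path =~ /^-/ ? "./$path" : $path;

    # Callers may have changed the input record separator.
    local $/ = "\n";

    # List-form pipe open: the command is executed directly, no shell.
    open(my $md5_pipe, '-|', MD5_CMD(), '-q', $arg)
        or return '';
    my $digest = <$md5_pipe>;
    close $md5_pipe;

    return '' unless defined $digest;
    chomp $digest;
    return $digest;
}

# Tie the Berkeley DB hash file at $db_path with the given open flags.
# Returns the DB_File object and a reference to the tied hash; dies if
# the database cannot be opened.
sub _open_baseline {
    my ($db_path, $flags) = @_;

    my %hashfile;

    # 0600 applies only when the file is created: the baseline should
    # not be writable (or readable) by anyone but root.
    my $db = tie %hashfile, 'DB_File', $db_path, $flags, 0600, $DB_HASH
        or die "Cannot open hash database $db_path: $!\n";

    return ($db, \%hashfile);
}

# -create: read one path per line from the file list ($ARGV[2]), walk
# each path with find, and store "file name => MD5" for every
# non-directory found in the database ($ARGV[1]). Entries already in
# an existing database are kept or overwritten, not cleared.
sub create {
    print "You chose to create.\n";

    my ($db_path, $list_path) = @ARGV[1, 2];
    unless (defined $db_path && defined $list_path) {
        usage();
        exit 1;
    }

    open(my $file_list, '<', $list_path)
        or die "Cannot read file list $list_path: $!\n";
    my ($db, $hashfile) = _open_baseline($db_path, O_CREAT | O_RDWR);

    my $i = 0;
    while (my $dir = <$file_list>) {
        chomp $dir;
        next if $dir eq '';

        print "\nCreating hashes for $dir...\n\n";

        # A leading "-" would be parsed by find as an expression.
        my $start = $dir =~ /^-/ ? "./$dir" : $dir;

        # find only lists the names (NUL-terminated, so a newline in a
        # file name cannot split an entry); each file is hashed on its
        # own. The earlier "name line, hash line" pairing lost sync as
        # soon as md5 printed nothing for one file.
        open(my $find_pipe, '-|',
            'find', $start, '!', '-type', 'd', '-print0')
            or die "Cannot run find on $dir: $!\n";

        {
            local $/ = "\0";
            while (my $key = <$find_pipe>) {
                chomp $key;
                my $value = _md5_of($key);
                $i++;
                print "$key: $value\n";
                $db->put($key, $value) == 0
                    or die "Cannot store entry for $key: $!\n";
            }
        }

        close $find_pipe
            or warn "find reported errors under $dir\n";
    }
    close $file_list;

    # Release the object before untie so the database is flushed.
    undef $db;
    untie %$hashfile;

    print "\nHash database created successfully. $i files entered.\n";
}

# -compare: re-hash every file recorded in the database ($ARGV[1]) and
# report each one whose current MD5 differs from the stored value. A
# file that no longer exists hashes to the empty string and is reported.
sub compare {
    print "Comparing files in the current hash database.\n\n";

    my $db_path = $ARGV[1];
    unless (defined $db_path) {
        usage();
        exit 1;
    }

    # Read-only: a missing baseline must be an error. With the default
    # flags tie() would create an empty database and the run would
    # finish with no alerts.
    my ($db, $hashfile) = _open_baseline($db_path, O_RDONLY);

    my $i = 0;
    my $j = 0;
    while (my ($key, $old_value) = each %$hashfile) {
        my $new_value = _md5_of($key);
        $i++;
        if ($new_value ne $old_value) {
            print "ALERT! FILE CHANGED: $key\n";
            print "old: " . $old_value . "\n";
            print "new: " . $new_value . "\n";
            $j++;
        }
    }

    undef $db;
    untie %$hashfile;

    print "\nComparison complete. $i files checked with $j alerts.\n\n";
}

# -only: store "file name => MD5" in the database ($ARGV[1]) for just
# the files named on the command line ($ARGV[2] onwards).
sub only {
    print "You want to use the ONLY option\n";

    my $db_path = $ARGV[1];
    unless (defined $db_path) {
        usage();
        exit 1;
    }

    my @file_list = @ARGV[2 .. $#ARGV];
    my ($db, $hashfile) = _open_baseline($db_path, O_CREAT | O_RDWR);

    print "\nCreating hashes...\n\n";

    my $i = 0;

    # A plain list walk: the former "while (shift)" loop stopped at the
    # first name that is false in Perl, such as a file called "0".
    for my $key (@file_list) {
        $i++;
        my $value = _md5_of($key);
        print "$key: $value\n";
        $db->put($key, $value) == 0
            or die "Cannot store entry for $key: $!\n";
    }

    undef $db;
    untie %$hashfile;

    print "\nHash database created successfully. $i files entered.\n";
}

# Print the command-line help text.
sub usage {
    print "\n";
    print "Usage: slipwire.pl [options] hashfile [file-list|file1 file2 file3...]\n";
    print "\n\n";
    print "Options:\n\n";
    print "-create \t Initialize the hash.dbm database\n";
    print "-compare \t Check the filesystems listed in [file-list] against the old values\n";
    print "-only\t\t Create index with supplied filenames only\n";
    print "\n";
    print "hashfile is a DBM file created and used for storing the file and MD5 information.";
    print "\n";
    print "file-list is a text file containing paths and/or filenames to be indexed.\n";
    print "\n";
}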