文件完整性检查的脚本

lixiao0617

原文出处:http://www.ibm.com/developerworks/aix/library/au-satsystemvalidity/index.html
Final script
#!/usr/local/bin/perl
use Digest::MD5;
use IO::File;
use strict;
use File::Find ();
use Getopt::Long;
my $chksumfile = 'chksums.dat';
my $compare = 0;
my $basedir = '/etc';
use vars qw/*name *dir *prune/;
*name   = *File::Find::name;
*dir    = *File::Find::dir;
*prune  = *File::Find::prune;
GetOptions("chksumfile=s" => \$chksumfile,
           "compare" => \$compare,
           "basedir=s" => \$basedir);
my $chksumdata = {};
if ($compare)
{
    loadchksumdata($chksumfile);
}
my $outfile = '';
if (!$compare)
{
    $outfile = IO::File->new($chksumfile,"w");
}
File::Find::find({wanted => \&wanted}, $basedir);
if ($compare)
{
    foreach my $file (keys %{$chksumdata})
    {
        print STDERR "Couldn't find $file, but have the info on record\n";
    }
}
sub loadchksumdata
{
    my ($file) = @_;
    open(DATA,$file) or die "Cannot open check sum file $file: $!\n";
    while()
    {
        chomp;
        my ($filename,$rest) = split(/:/,$_,2);
        $chksumdata->{$filename} = $_;
    }
    close(DATA);
}
sub wanted {
    next unless (-f $name);
    my $fileinfo = genchksuminfo($name);
    if ($compare)
    {
        if (exists($chksumdata->{$name}))
        {
            if ($chksumdata->{$name} ne $fileinfo)
            {
                print STDERR "Warning: $name differs from that on record\n";
                gendiffreport($chksumdata->{$name}, $fileinfo);
            }
            delete($chksumdata->{$name});
        }
        else
        {
            print STDERR "Warning: Couldn't find $name in existing records\n";
        }
    }
    else
    {
        printf $outfile ("%s\n",$fileinfo);
    }
}
sub gendiffreport
{
    my ($orig,$curr) = @_;
    my @fields = qw/filename chksum device inode mode nlink uid gid size mtime ctime/;
    my @origfields = split(/:/,$orig);
    my @currfields = split(/:/,$curr);
    for(my $i=0;$inew();
    my (@statinfo) = stat($file);
    $chk->add(@statinfo[0,1,2,3,4,5,7,9,10]);
    $chk->addfile(IO::File->new($file));
    return sprintf("%s:%s:%s",
                   $file,$chk->hexdigest,
                   join(':',@statinfo[0,1,2,3,4,5,9,10]));
}
$ genmd5.pl --basedir=/etc --chksumfile=etc-chksum.dat
Results when the /etc/hosts file is edited
$ genmd5.pl --basedir /private/etc --compare
Warning: /private/etc/hosts differs from that on record
        chksum differ; was d4a23fcdaa835d98ede1875503273ce6,
                                now beb50782b3fd998f35786b1e6f503d1b
        inode differ; was 4879566, now 4879581
        size differ; was 1186929905, now 1186930065
        mtime differ; was 1186929905, now 1186930065
Couldn't find /private/etc/hosts~, but have the info on record

               
               
               

本文来自ChinaUnix博客，如果查看原文请点：http://blog.chinaunix.net/u1/34395/showart_509543.html