This article is participating in the "30 Years of Linux" topic essay activity.

1. Requirements

Some customers need to verify the consistency of files and want to use the md5sum tool for this, so a script is written to carry out a custom scan of files. The scan results can be used for verification later, to quickly check files and find the ones that have changed, and to some extent to discover file changes or intrusion behaviors in time.

2. The script

The script uses md5sum to scan the files and saves the results in the /tmp directory in a file with a timestamp suffix, so that they can be used for verification later.

    #!/bin/bash
    #func:scan file
    # Verify later with: md5sum -c $SCAN_FILE

    # Directories listed in $PATH, separated by spaces
    SCAN_DIR=`echo $PATH | sed 's/:/ /g'`
    SCAN_CMD=`which md5sum`
    # Result files in /tmp with a timestamp suffix (date, hour, minute)
    SCAN_FILE_FAIL="/tmp/scan_$(date +%F%H%M)_fall.txt"
    SCAN_FILE_BIN="/tmp/scan_$(date +%F%H%M)_bin.txt"

    # Full scan: hash every regular file except /proc and the result file itself
    scan_fall_disk() {
        echo "is scanning everything, please wait! File path: $SCAN_FILE_FAIL"
        find / -type f ! -path "/proc/*" ! -path "$SCAN_FILE_FAIL" \
            -exec $SCAN_CMD {} \; >> "$SCAN_FILE_FAIL" 2>/dev/null
        echo "the scan is complete, can use the following command later to check file"
        echo "$SCAN_CMD -c $SCAN_FILE_FAIL | grep -v 'OK$'"
    }

    # Bin scan: hash the regular files in every directory of $PATH
    scan_bin() {
        echo "is scanning, please wait! File path: $SCAN_FILE_BIN"
        for file in $SCAN_DIR
        do
            find "$file" -type f -exec $SCAN_CMD {} \; >> "$SCAN_FILE_BIN" 2>/dev/null
        done
        echo "the scan is complete, can use the following command later to check file"
        echo "$SCAN_CMD -c $SCAN_FILE_BIN | grep -v 'OK$'"
    }

    clear
    echo "##########################################"
    echo "#                                        #"
    echo "#       using md5sum to check file       #"
    echo "#                                        #"
    echo "##########################################"
    echo "1: full scan"
    echo "2: bin path scanning"
    echo "3: cancel"
    read -p "Please input your choice:" method
    case $method in
    1)
        scan_fall_disk;;
    2)
        scan_bin;;
    3)
        # Cancelling is not an error
        echo "you chose cancel!" && exit 0;;
    *)
        echo "input Error! Please input {1|2|3}" && exit 1;;
    esac

3. Testing

  • Scan binary executable files

Executables are extremely sensitive: if the system is compromised, an intruder's own program may be placed in an executable path, or an original binary may be replaced. For this reason the directories in $PATH are scanned. The change in the binaries can be detected after moving the wc file to another path, or after changing another program.

  • Full scan

4. Extensions

  • You can change the path to your own scan path
  • Other similar tools can also be used for scanning
  • Later, the script can be combined with scheduled tasks, and even with reporting and alerting functions, to actively monitor abnormal changes to system files in time.
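
A check that a scheduled task could run, as an added example that is not part of the original script: besides the changed and missing files that md5sum -c reports, it lists files that are on disk but absent from the baseline, which md5sum -c alone never flags (the case of a program added to a $PATH directory described in the testing section). The function names make_baseline, check_dir and demo are hypothetical, and the files created in demo are constructed sample data.

```shell
#!/bin/sh
# Added example, not the article's script; function names are hypothetical.

# make_baseline DIR FILE: record "md5  path" for every regular file under DIR.
make_baseline() {
    find "$1" -type f -exec md5sum {} + 2>/dev/null > "$2"
}

# check_dir DIR FILE: print one finding per line; return 1 if there are any.
check_dir() {
    findings=$(
        # LC_ALL=C keeps md5sum's status words untranslated for matching.
        LC_ALL=C md5sum -c "$2" 2>/dev/null |
            sed -n 's/: FAILED\( open or read\)\{0,1\}$//p' |
            while IFS= read -r p; do
                if [ -e "$p" ]; then echo "MODIFIED $p"; else echo "MISSING $p"; fi
            done
        # md5sum -c only checks listed files, so report unlisted ones too.
        # In a baseline line the path starts at column 35.
        find "$1" -type f | awk -v base="$2" '
            BEGIN { while ((getline l < base) > 0) seen[substr(l, 35)] = 1 }
            !($0 in seen) { print "NEW " $0 }'
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings" | sort
    return 1
}

# demo: run the check on constructed sample files in a temporary directory.
demo() {
    d=$(mktemp -d) || return 2
    rc=0
    (
        cd "$d" && mkdir bin || exit 2
        for f in wc ls cat; do echo "original $f" > "bin/$f"; done
        make_baseline bin baseline.txt
        echo tampered >> bin/ls      # binary changed in place
        mv bin/wc wc.moved           # binary moved out of the scanned path
        echo dropped > bin/extra     # new program added to the path
        check_dir bin baseline.txt
    ) || rc=$?
    rm -rf "$d"
    return "$rc"
}

if [ "${1:-}" = demo ]; then demo; fi
```

The non-zero return value of check_dir is what a scheduled job would use to trigger a report or alarm. Keep the baseline file where an intruder cannot rewrite it; a baseline left in /tmp can be regenerated together with the tampered binary.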