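######################################################################
#
# Thomas Whipp (26/11/1999) tkw100@yahoo.com
#
# Check Files Module
# ==================
#
# Version 1.1 (28/03/2000) SLJ - Corrected status color name and changed
#                                reporting service name to 'files'
# Version 1.0 (29/11/1999) TKW - Basic functionality complete however
#                                the code is not fully portable some
#                                Unix specifics are still embedded and
#                                the parsing assumes a particular format
#                                from the checksumming routine.
# Version 0.9 (29/11/1999) TKW - Mostly complete, some work remains to
#                                avoid spurious errors the first time a
#                                file is checked.
# Version 0.1 (29/11/1999) TKW - basic module build.
#
# SLJ - Stephen L Johnson
#
######################################################################

######################################################################
# Register routine with plugin registry
######################################################################

$CHECKFUNCS{'files'} = \&check_files;

##################################
# Expected configuration variables:
# (Set values for these variables in spong.conf)
#
# $FILES_CHKSUM - the checksum command to execute; its output is parsed
#                 as "CHECKSUM BLOCKS FILENAME", one file per line
# $FILES_DB     - the file to store previous checksums in
#                 - File format: one "CHECKSUM FILENAME" pair per line
# $FILES_ARCH   - directory that receives a time-stamped copy of each
#                 file found to have changed
#
# $FILES_WARN   - optional whitespace-separated list of files for
#                 yellow alert
# $FILES_CRIT   - optional whitespace-separated list of files for
#                 red alert
#
# Note: If no files are specified to be checked this module will
#       trivially return a green status.
#
# Security notes:
#  - sum(1) yields a 16-bit, non-cryptographic checksum.  It catches
#    accidental or careless edits, but a deliberate modification can
#    be made to keep the same checksum.  Moving to a cryptographic
#    digest means adapting the three-field parsing in check_files.
#  - $FILES_DB is the baseline every later run is compared against.
#    Whoever can write to it can hide a change, so it (and $FILES_ARCH)
#    should be writable only by the account that runs this check.
#  - With the default $FILES_CRIT a changed /etc/shadow is copied into
#    $FILES_ARCH; that directory then holds password hashes and must
#    not be readable by other users.
#  - NOTE(review): a monitored file that is deleted or unreadable
#    produces no checksum line, is dropped from the rewritten baseline
#    and raises no alert.  Confirm whether that is acceptable.
##################################

$FILES_CHKSUM = '/usr/bin/sum';
$FILES_DB     = '/usr/local/spong/var/misc/check_files.dat';
$FILES_ARCH   = '/usr/local/spong/var/misc';

$FILES_CRIT = '/etc/passwd /etc/shadow /etc/hosts.allow /etc/hosts.deny' ;

# check_files - compare the current checksums of the configured files
# with the baseline in $FILES_DB and report the result to the server.
#
# Reads the globals $FILES_CHKSUM, $FILES_DB, $FILES_ARCH, $FILES_WARN,
# $FILES_CRIT, $SPONGSERVER and $HOST.  Takes no arguments.
#
# Status reported through &status under the service name "files":
#   green  - no configured file differs from its baseline entry
#   yellow - at least one $FILES_WARN file changed (never downgrades red)
#   red    - at least one $FILES_CRIT file changed, the module is not
#            configured, or the checksum command could not be started
#
# Side effects: rewrites $FILES_DB with the checksums just read and,
# when $FILES_ARCH is defined, copies each changed file into it.
sub check_files {

    #########################
    # Declare/Initialise local variables
    #########################
    my ($message, $color, $summary);
    my (%files_sig, %new_files_sig);
    my $firstchange_flag = 1;   # true until the first change is recorded
    my $save_baseline    = 1;   # cleared when no fresh checksums exist

    $color   = "green";
    $summary = "no changes found";

    if (!(defined($FILES_CHKSUM) && defined($FILES_DB))) {
        $color   = "red";
        $summary = "module not correctly configured";
        $message = "Please check module configuration";
    }
    else {

        #########################
        # Do the checks
        #########################

        # Read previous file checksums into a hash.  A missing database
        # is normal on the first run, so it is logged and not fatal.
        if (open(my $db_in, '<', $FILES_DB)) {
            while (my $line = <$db_in>) {
                my ($chksum, $filename) = split(' ', $line);
                next unless defined($filename);
                $files_sig{$filename} = $chksum;
            }
            close($db_in);
        }
        else {
            &debug("files - cannot read $FILES_DB: $!");
        }

        if (defined($FILES_WARN) || defined($FILES_CRIT)) {
            my @warn_files = defined($FILES_WARN) ? split(' ', $FILES_WARN) : ();
            my @crit_files = defined($FILES_CRIT) ? split(' ', $FILES_CRIT) : ();

            # Exact-name lookup tables.  Matching the list against the
            # file name as a regex would treat '.' as a wildcard and let
            # "/etc/passwd" match an entry such as "/etc/passwd.old".
            my %is_warn = map { $_ => 1 } @warn_files;
            my %is_crit = map { $_ => 1 } @crit_files;

            # List form: the command is executed directly, so file names
            # are never interpreted by a shell.  /dev/null is kept as an
            # extra operand, exactly as in the original command line.
            my @sum_cmd = (split(' ', $FILES_CHKSUM),
                           @warn_files, @crit_files, '/dev/null');

            if (open(my $sums, '-|', @sum_cmd)) {
                while (my $line = <$sums>) {
                    # Read output from Unix sum command and check that
                    # the file checksums are the same as those within
                    # the database.
                    my ($chksum, $junk, $filename) = split(' ', $line);
                    next unless defined($filename);
                    $new_files_sig{$filename} = $chksum;

                    # String comparison: a numeric test would treat any
                    # two non-numeric checksums as equal.
                    next unless defined($files_sig{$filename})
                             && $files_sig{$filename} ne $chksum;

                    if ($firstchange_flag) {
                        $firstchange_flag = 0;
                        $summary = "";
                        $message = "";
                    }
                    if ($is_warn{$filename}) {
                        # A warning must not hide an earlier alert.
                        $color = "yellow" unless $color eq "red";
                        $summary .= " $filename changed [warn]";
                        $message .= " $filename changed [warn]\n";
                    }
                    if ($is_crit{$filename}) {
                        $color = "red";
                        $summary .= " $filename changed [alert]";
                        $message .= " $filename changed [alert]\n";
                    }
                    if (defined($FILES_ARCH)) {
                        my @now = localtime();
                        my $the_date = sprintf("%04d%02d%02d%02d%02d",
                            $now[5] + 1900, $now[4] + 1,
                            $now[3], $now[2], $now[1]);
                        my ($fileid) = ($filename =~ /([^\/]+)$/);
                        &debug("$filename $the_date");
                        if (defined($fileid)) {
                            # cp(1) without a shell.  The copy is the
                            # file as it is at detection time.
                            system('cp', $filename,
                                   "$FILES_ARCH/$fileid.$the_date") == 0
                                or &debug("files - archiving $filename failed (status $?)");
                        }
                    }
                }
                close($sums)
                    or &debug("files - checksum command exit status $?");
            }
            else {
                # Without fresh checksums the check has not run at all.
                # Report that instead of green, and keep the existing
                # baseline rather than overwriting it with nothing.
                $color         = "red";
                $summary       = "unable to run checksum command";
                $message       = "Could not execute $FILES_CHKSUM: $!";
                $save_baseline = 0;
            }
        }

        # Save new checksums
        # Note: due to the manner in which this new database is generated
        #       obsolete values will be automatically expunged.
        if ($save_baseline) {
            if (open(my $db_out, '>', $FILES_DB)) {
                foreach my $name (sort keys %new_files_sig) {
                    print $db_out "$new_files_sig{$name} $name \n";
                }
                close($db_out)
                    or &debug("files - error closing $FILES_DB: $!");
            }
            else {
                &debug("files - cannot write $FILES_DB: $!");
            }
        }
    }

    #########################
    # Log the results of the test
    #########################
    &debug("files - $color, $summary");
    &status( $SPONGSERVER, $HOST, "files", $color, $summary, $message );
}

# This file is included as Perl code, so it must end with a true value.
1;

######################################################################
# End of file
######################################################################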