######################################################################
#
# Thomas Whipp (26/11/1999) tkw100@yahoo.com
#
# Check Files Module
# ==================
#
# Version 1.1 (28/03/2000) SLJ - Corrected status color name and changed
# reporting service name to 'files'
# Version 1.0 (29/11/1999) TKW - Basic functionality complete however
# the code is not fully portable some
# Unix specifics are still embeded and
# the parsing assumes a particular format
# from the checksumming routine.
# Version 0.9 (29/11/1999) TKW - Mostly complete, some work remains to
# avoid spurious errors the first time a
# file is checked.
# Version 0.1 (29/11/1999) TKW - basic module build.
#
# SLJ - Stephen L Johnson <sjohnson@monsters.org>
#
######################################################################
######################################################################
# Register routine with plugin registery
######################################################################
$CHECKFUNCS{'files'} = \&check_files;
##################################
# Expected configuration variables:
# (Set values for these variables in spong.conf)
#
# $FILES_CHKSUM - the command to execute to get the demo info
# $FILES_DB - the file to store previous checksums in
# - File format:
# - <checksum> <size> <file>
# $FILES_ARCH - directory to store old versions of files
#
# $FILES_WARN - optional list of files for yellow alert
# $FILES_CRIT - optional list of files for red alert
#
# Note: If no files are specified to be checked this module will
# trivially return a green status.
#
##################################
$FILES_CHKSUM = '/usr/bin/sum';
$FILES_DB = '/usr/local/spong/var/misc/check_files.dat';
$FILES_ARCH = '/usr/local/spong/var/misc';
$FILES_CRIT = '/etc/passwd /etc/shadow /etc/hosts.allow /etc/hosts.deny' ;
sub check_files {
#########################
#Declare/Initialise locale variables
#########################
my($message, $color, $summary );
my(%files_sig, %new_files_sig, $firstchange);
$color = "green";
$summary = "no changes found";
$firstchange_flag=1;
if(!(defined($FILES_CHKSUM) && defined($FILES_DB)))
{
$color="red";
$summary="module not correctly configured";
$message="Please check module configuration";
}
else
{
#########################
# Do the checks
#########################
open (FDB, "$FILES_DB");
while (<FDB>)
{
# Read previous file chksums into a hash
($chksum,$filename)=split(/\s+/,$_);
$files_sig{$filename}=$chksum;
}
close(FDB);
if(defined($FILES_WARN) || defined($FILES_CRIT))
{
open (NEW_CHKSUMS,"$FILES_CHKSUM $FILES_WARN $FILES_CRIT /dev/null |");
while (<NEW_CHKSUMS>) {
# Read output from Unix sum command
# and check that the file checksums are the same
# as those within the database
($chksum, $junk, $filename)=split(/\s+/,$_);
$new_files_sig{$filename}=$chksum;
if(defined($files_sig{$filename}) && $files_sig{$filename}!=$chksum)
{
if($firstchange_flag)
{
$firstchange_flag=0;
$summary="";
$message="";
}
if($FILES_WARN=~/$filename/)
{
$color="yellow";
$summary.=" $filename changed [warn]";
$message.=" $filename changed [warn]\n";
}
if($FILES_CRIT=~/$filename/)
{
$color="red";
$summary.=" $filename changed [alert]";
$message.=" $filename changed [alert]\n";
}
if(defined($FILES_ARCH))
{
$the_date=`date +"%Y%m%d%H%M"`;
($fileid)=($filename =~ /.*\/([^\/]+)$/);
&debug("$filename $the_date");
$junk=`cp $filename $FILES_ARCH/$fileid.$the_date`;
}
}
}
close NEW_CHKSUMS;
}
# Save new checksums
# Note: due the manner in which this new database is generated obsolete
# values will be automatically expunged.
open (FDB, ">$FILES_DB");
foreach (sort keys %new_files_sig){
print FDB "$new_files_sig{$_} $_ \n";
}
close(FDB);
}
#########################
# Log the results of the test
#########################
&debug("files - $color, $summary");
&status( $SPONGSERVER, $HOST, "files", $color, $summary, $message );
}
# I'm include perl code, I need this line.
1;
######################################################################
# End of file
######################################################################