a script that compares md5sum of script & errors out if diff
 PostPosted: Tue May 17, 2011 2:23 pm   

Joined: Tue Apr 19, 2011 11:01 pm
Posts: 36
I have a script that does a variety of checks on a system. I need to put a semi-rigid integrity mechanism so that when it runs, if it has been altered, the script will fail and notify the user. I say 'semi-rigid' because I know that anyone with root access can alter it (remove the md5sum portion, etc), but this is for starters.

I have been googling around for some script code that would check the original md5sum of the script (as stored in a separate file) and compare it to its current md5sum. I have found a few sites that do this, but I am trying to limit the number of text files that it uses to compare the sums to. Also, I only want the hash, not the file name, in the md5sum return.

I was going to start out with these variables...

md5_1=$(md5sum system_script | awk '{print $1}')   # current md5sum of the script, hash field only (no file name)
md5_2=$(cat /tmp/hash_file)                        # the saved hash of the script, read from the one stored hash file

This is where I would like to use diff to compare the two hashes: if the hashes are different, warn the user and exit; if they are the same (or diff doesn't return a result), then continue on with the rest of the script.

Again, I would like to limit the text files that store the original hash to just the one, somehow storing the current value within the script (like in a variable or whatnot). I have found a script that creates a second file, then diffs them, but I was hoping to do it within the script itself.

thanks


 PostPosted: Tue May 17, 2011 11:28 pm   

Joined: Sun Jun 27, 2010 12:57 am
Posts: 192
You shouldn't have to store the filename of the script in the script itself, but you can use $0 for this.

Code:
#!/bin/sh

# Hash of this script itself ($0, quoted in case the path has spaces),
# keeping only the hash field of the md5sum output, not the file name.
md5_1=$(md5sum "$0" | awk '{print $1}')
# The saved hash: first field of the one stored hash file (md5sum output format).
md5_2=$(awk '{print $1}' "test.md5")
[ "$md5_1" != "$md5_2" ] && { echo "MD5 doesn't match"; exit 1; }

echo "Hello World"


 PostPosted: Wed May 18, 2011 8:39 am   

Joined: Tue Apr 19, 2011 11:01 pm
Posts: 36
Thanks for posting, Patsie. However, when I entered your script in, it prints both the "MD5 doesn't match" and "Hello world" messages, so it seems that it isn't exiting on the comparison of the md5_1 and md5_2 when the hashes are different.


 PostPosted: Wed May 18, 2011 11:00 am   

Joined: Tue Apr 19, 2011 11:01 pm
Posts: 36
I got it to work (in large part to Patsie's post). What I did was use most of what Patsie posted, but made an if statement:

Code:
#!/bin/bash

md5_1=$(md5sum "$0" | awk '{print $1}')   # current hash of this script, hash field only
md5_2=$(awk '{print $1}' "test.md5")      # saved hash, read from the one stored hash file

# Compare the variables' values ($md5_1 and $md5_2); the bare names "md5_1"
# and "md5_2" are literal strings that never match, so every run would fail.
if [ "$md5_1" != "$md5_2" ] ; then
  echo "Integrity failure"
  exit 1
else
  echo "Checksum passed"
fi


Anyhow, Patsie, maybe I copied your code down wrong (had to take it to another system not on the Net), but I give thanks for your help.


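The thread settles on a separate hash file; the original poster also asked about keeping the expected value inside the script itself. The script below is an added example (not code from the thread or from either poster) that does exactly that: the line holding the hash is blanked before hashing, so stamping the value in does not change the hash being checked. The function names, the EXPECTED_MD5 variable and the constructed demo script are assumptions of this example.

```shell
#!/bin/bash
# Added example, not code from the thread: the expected hash lives inside the
# script itself (what the original poster asked for), so no second file is
# needed. The EXPECTED_MD5 line is blanked before hashing; otherwise writing
# the hash into the file would change the hash. Only the hash field of md5sum
# is used, never the file name. As the poster notes, anyone who can write the
# file can also re-stamp it: this catches accidental edits and corruption.

# Hash of the file with its EXPECTED_MD5 line blanked (first md5sum field only).
compute_hash() {
    sed 's/^EXPECTED_MD5=.*/EXPECTED_MD5=/' "$1" | md5sum | awk '{print $1}'
}

# The hash stored on the file's EXPECTED_MD5="..." line (empty if none).
stored_hash() {
    sed -n 's/^EXPECTED_MD5="\([0-9a-f]*\)".*/\1/p' "$1" | head -n 1
}

# Exit status 0 only when a stored hash exists and equals the current one.
verify_script() {
    local want have
    want=$(stored_hash "$1")
    have=$(compute_hash "$1")
    [ -n "$want" ] && [ "$have" = "$want" ]
}

# Write the current hash into the EXPECTED_MD5 line (through a temp copy, so
# no GNU-only sed -i is needed).
stamp_script() {
    local have
    have=$(compute_hash "$1")
    sed "s/^EXPECTED_MD5=.*/EXPECTED_MD5=\"$have\"/" "$1" > "$1.tmp" && mv "$1.tmp" "$1"
}

# Demo on a constructed script in a temp dir: stamp, verify, tamper, verify.
# In a real script, keep the three functions and an EXPECTED_MD5="" line at
# the top, run stamp_script "$0" once after each edit, and open the body with:
#   verify_script "$0" || { echo "Integrity failure"; exit 1; }
demo() {
    local dir f
    dir=$(mktemp -d) && f="$dir/system_script"
    printf '%s\n' '#!/bin/bash' 'EXPECTED_MD5=""' 'echo "checks run here"' > "$f"
    stamp_script "$f"
    verify_script "$f" && echo "after stamp: checksum passed ($(stored_hash "$f"))"
    echo 'echo "added by someone else"' >> "$f"
    verify_script "$f" || echo "after edit: integrity failure"
    rm -rf "$dir"
}
demo
```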
© 2003 - 2011 USA LINUX USERS GROUP