Listing 2

cksysfiles

#!/bin/sh
#
# cksysfiles - verify system files have not been changed
#
# Run this manually the first time to create the list of system
# binaries.  The list will be created in the file defined by OLDLIST:

OLDLIST=/etc/sysfiles.list

#
# Then run this script via cron (as root) on a regular basis to compare
# it to this list.  This file should also be manually examined regularly
# to make sure no unauthorized files have been added.
#

####################################################################
#
# maintain secure path since the script will run as root
#
PATH="/bin:/usr/bin:/etc:/usr/etc"
#
NEWLIST=/tmp/cksysfiles.$$
TEMP=/tmp/scratch.$$

#
# create a list of the local filesystems (i.e. those not remotely mounted)
#

LOCAL_FILESYSTEMS="/bin /sbin /usr/bin /etc /usr/etc"

#
# if this is the first time the script is being run
#
if [ ! -s $OLDLIST ]; then
echo "Creating list of system binaries in $OLDLIST..."
fi

#
# make the list of files to be examined
#
find $LOCAL_FILESYSTEMS -type f -xdev -print | sort >$TEMP

#
# for each file in the list, get the directory entry and checksum
#
cp /dev/null $NEWLIST
for i in `cat $TEMP`
do
echo `ls -lg $i` `sum $i` >>$NEWLIST
done

#
# if an old list exists, make the comparison, output will be mailed
# to root if run via cron.
#
if [ -s $OLDLIST ]; then
diff $OLDLIST $NEWLIST
fi

#
# clean up
#
rm $TEMP
mv $NEWLIST $OLDLIST