July 23rd, 2002, 06:20 AM
bash script for md5 binary integrity check
Hey guys, just though id post this very, very simple bash script that will
verify the md5 signatures of most of the important binarys on your linux systems (such as
/bin, /sbin, /usr/bin, /usr/sbin/ /lib) etc against a database of md5 singatures. If the script
finds a mismatch, then the system alerts the administrator, goes down run level 1 (single user mode)
and prompts the admin to check the system for sign of intrusion.
I usually place this in my /etc/rc.d/rc.local (local startup script) . It gets executed
just before the system offers you a login prompt. That way if the script detects that
the signatures of /bin/ps or /bin/login have changed, the system takes it self offline.
Every little bit of security helps, rememeber "defence in depth" but i think we all
can agree that taking a snapshot of your system just after installation time is a very wise
move that can save you alot of hard work.
# MD5 System Binary Integrity Check
# Very simple but effective tool for verifying the integrity of your
# system and your system binaries
# Chl0ie - Script Written for Slackware 7.0
# BEFORE YOU START
# 1. Copy the utility "md5sum" from your local hard disk to a floppy disk and
# write protect it. This makes sure noone has tampered with your 'md5sum'
# binary. Also "chattr +i md5sum" and md5database.txt so root cant even modify it.
# 2. You have to pre-create (just after installation and BEFORE you put the
# box online IDEALLY) the md5database.txt file. Use this command
# /usr/sbin/md5sum /bin/* /usr/bin/* /sbin/* /usr/sbin/* /lib/* > /mnt/floppy/md5database.txt
# you also have to create a file called "whatever.txt" thats empty. touch whatever.txt works!
# this ofcourse assumes you have a floppy disk drive and a mount point of /mnt/floppy
# 3. Edit a start up script (/etc/rc.d/rc.local) and run the script from there
# The script will verify import system binaries every time the machine has been
# rebooted, telinit'ed, etc like so
# echo "/root/md5integritycheck" >> /etc/rc.d/rc.local
# 4. Run the script in a cron job every nite at 3:00am for example to verify the integrity
# of your binaries very nite. Its well worth doing.
echo "Verifying Operating System Integrity - MD5 Checksum Database Check"
mount /dev/fd0 /mnt/floppy
./md5sum /bin/* /usr/bin/* /sbin/* /usr/sbin/* /lib/* 2>/dev/null > md5checksums.txt
./diff md5checksums.txt md5database.txt > whatever.txt
if [ -s whatever.txt ];
echo "MD5 Checksum Database MISMATCH - Security Violation!!!"
echo "System Binary Checksum Failure Listed Below"
echo "Switching to Runlevel 1 - Perform Security Audit IMMEDIATELY!!!"
echo "MD5 Checksum Database VERIFIED - Operating System OK"
echo "Hit [enter] key for logon"
anyway enjoy, suggestions and improvemnts are always encouraged. I know its simple but it
sure works well and fast, and its a little more peace of mind at nite hehe.
July 23rd, 2002, 07:24 AM
Wow, Simple and useful..... Makes me want to install SlackWare just to use it