Hey guys, just thought I'd post this very, very simple bash script that will
verify the md5 signatures of most of the important binaries on your Linux systems (such as
/bin, /sbin, /usr/bin, /usr/sbin, /lib, etc.) against a database of md5 signatures. If the script
finds a mismatch, then the system alerts the administrator, goes down to runlevel 1 (single user mode)
and prompts the admin to check the system for signs of intrusion.

I usually place this in my /etc/rc.d/rc.local (local startup script). It gets executed
just before the system offers you a login prompt. That way if the script detects that
the signatures of /bin/ps or /bin/login have changed, the system takes itself offline.


Every little bit of security helps, remember "defence in depth", but I think we all
can agree that taking a snapshot of your system just after installation time is a very wise
move that can save you a lot of hard work.





#!/bin/bash
# MD5 System Binary Integrity Check
# Very simple but effective tool for verifying the integrity of your
# system and your system binaries
# Chl0ie - Script Written for Slackware 7.0

# BEFORE YOU START

# 1. Copy the utilities "md5sum" and "diff" from your local hard disk to a floppy
# disk and write protect it. This makes sure no one has tampered with the binaries
# the check relies on. Also "chattr +i" md5sum and md5database.txt so even root
# can't modify them.

# 2. You have to pre-create (just after installation and IDEALLY BEFORE you put the
# box online) the md5database.txt file. Use this command:
# /usr/sbin/md5sum /bin/* /usr/bin/* /sbin/* /usr/sbin/* /lib/* > /mnt/floppy/md5database.txt
# The working files (md5checksums.txt, whatever.txt) are written to a scratch
# directory on the hard disk, so the floppy can stay write protected.
# This of course assumes you have a floppy disk drive and a mount point of /mnt/floppy.

# 3. Edit a startup script (/etc/rc.d/rc.local) and run the script from there.
# The script will verify important system binaries every time the machine has been
# rebooted, telinit'ed, etc., like so:
# echo "/root/md5integritycheck" >> /etc/rc.d/rc.local

# 4. Run the script in a cron job every night at 3:00am, for example, to verify the
# integrity of your binaries every night. It's well worth doing.


echo "Verifying Operating System Integrity - MD5 Checksum Database Check"

# Working files go to a private scratch directory, not to the write-protected floppy
SCRATCH=$(mktemp -d /tmp/md5check.XXXXXX) || exit 1

# If the floppy cannot be mounted, nothing can be verified: never report that as OK
if ! mount /dev/fd0 /mnt/floppy || ! cd /mnt/floppy
then
    echo "MD5 Checksum Database UNAVAILABLE - cannot verify system binaries"
    rm -rf "$SCRATCH"
    exit 1
fi

# Checksum the live binaries with the md5sum copy kept on the floppy
./md5sum /bin/* /usr/bin/* /sbin/* /usr/sbin/* /lib/* 2>/dev/null > "$SCRATCH/md5checksums.txt"

# diff exits non-zero on any difference and also when it cannot run or cannot
# read the database, so every failure is treated as a mismatch
if ! ./diff "$SCRATCH/md5checksums.txt" md5database.txt > "$SCRATCH/whatever.txt" 2>&1
then
    echo "MD5 Checksum Database MISMATCH - Security Violation!!!"
    echo ""
    echo ""
    echo "System Binary Checksum Failure Listed Below"
    more "$SCRATCH/whatever.txt"
    sleep 4
    echo ""
    echo "Switching to Runlevel 1 - Perform Security Audit IMMEDIATELY!!!"
    telinit 1
else
    echo "MD5 Checksum Database VERIFIED - Operating System OK"
    echo "Hit [enter] key for logon"
fi
cd /
/bin/umount /dev/fd0
rm -rf "$SCRATCH"


Anyway, enjoy. Suggestions and improvements are always encouraged. I know it's simple but it
sure works well and fast, and it's a little more peace of mind at nite hehe.
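
The comparison step from the script above, as an added example that is not part of the original post: instead of a raw diff it reads two md5sum-format listings, reports each path as MODIFIED, ADDED or REMOVED, and treats an unreadable listing as a failure. The function names, sample paths and checksum values are constructed for illustration.

```shell
#!/bin/sh
# compare_listings BASELINE CURRENT   (hypothetical helper, not from the post)
# Both files use md5sum output format: "<hash>  <path>".
# Returns 0 if identical, 1 if anything differs, 2 if a listing is unreadable.
compare_listings() {
    # An unreadable listing must count as a failure, never as "no differences"
    [ -r "$1" ] && [ -r "$2" ] || { echo "ERROR cannot read listing" >&2; return 2; }
    awk -v baseline="$1" '
        BEGIN {   # load the baseline: path -> hash
            while ((getline line < baseline) > 0) {
                split(line, f, " ")
                base[substr(line, length(f[1]) + 3)] = f[1]
            }
        }
        {         # each line of the current listing
            path = substr($0, length($1) + 3)
            seen[path] = 1
            if (!(path in base))       { print "ADDED", path; bad = 1 }
            else if (base[path] != $1) { print "MODIFIED", path; bad = 1 }
        }
        END {     # baseline entries that no longer exist on disk
            for (p in base) if (!(p in seen)) { print "REMOVED", p; bad = 1 }
            exit bad + 0
        }
    ' "$2"
}

# demo: run the comparison over two small listings
demo() {
    dir=$(mktemp -d) || return 2
    # Constructed sample data, not real checksums of any binary
    cat > "$dir/md5database.txt" <<'EOF'
11111111111111111111111111111111  /bin/login
22222222222222222222222222222222  /bin/ps
33333333333333333333333333333333  /sbin/init
EOF
    cat > "$dir/md5checksums.txt" <<'EOF'
11111111111111111111111111111111  /bin/login
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa  /bin/ps
44444444444444444444444444444444  /usr/bin/newtool
EOF
    compare_listings "$dir/md5database.txt" "$dir/md5checksums.txt"
    rc=$?
    rm -rf "$dir"
    return $rc
}

demo || echo "differences found (exit status $?)"
```

Keying on the path rather than the line position means a file added to or removed from one of the directories shows up as a single ADDED or REMOVED entry.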