Results 1 to 2 of 2

Thread: bash script for md5 binary integrity check

  1. #1

    bash script for md5 binary integrity check

    Hey guys, just though id post this very, very simple bash script that will
    verify the md5 signatures of most of the important binarys on your linux systems (such as
    /bin, /sbin, /usr/bin, /usr/sbin/ /lib) etc against a database of md5 singatures. If the script
    finds a mismatch, then the system alerts the administrator, goes down run level 1 (single user mode)
    and prompts the admin to check the system for sign of intrusion.

    I usually place this in my /etc/rc.d/rc.local (local startup script) . It gets executed
    just before the system offers you a login prompt. That way if the script detects that
    the signatures of /bin/ps or /bin/login have changed, the system takes it self offline.

    Every little bit of security helps, rememeber "defence in depth" but i think we all
    can agree that taking a snapshot of your system just after installation time is a very wise
    move that can save you alot of hard work.

    # MD5 System Binary Integrity Check
    # Very simple but effective tool for verifying the integrity of your
    # system and your system binaries
    # Chl0ie - Script Written for Slackware 7.0


    # 1. Copy the utility "md5sum" from your local hard disk to a floppy disk and
    # write protect it. This makes sure noone has tampered with your 'md5sum'
    # binary. Also "chattr +i md5sum" and md5database.txt so root cant even modify it.

    # 2. You have to pre-create (just after installation and BEFORE you put the
    # box online IDEALLY) the md5database.txt file. Use this command
    # /usr/sbin/md5sum /bin/* /usr/bin/* /sbin/* /usr/sbin/* /lib/* > /mnt/floppy/md5database.txt
    # you also have to create a file called "whatever.txt" thats empty. touch whatever.txt works!
    # this ofcourse assumes you have a floppy disk drive and a mount point of /mnt/floppy

    # 3. Edit a start up script (/etc/rc.d/rc.local) and run the script from there
    # The script will verify import system binaries every time the machine has been
    # rebooted, telinit'ed, etc like so
    # echo "/root/md5integritycheck" >> /etc/rc.d/rc.local

    # 4. Run the script in a cron job every nite at 3:00am for example to verify the integrity
    # of your binaries very nite. Its well worth doing.

    echo "Verifying Operating System Integrity - MD5 Checksum Database Check"
    mount /dev/fd0 /mnt/floppy
    cd /mnt/floppy
    ./md5sum /bin/* /usr/bin/* /sbin/* /usr/sbin/* /lib/* 2>/dev/null > md5checksums.txt
    ./diff md5checksums.txt md5database.txt > whatever.txt
    if [ -s whatever.txt ];
    echo "MD5 Checksum Database MISMATCH - Security Violation!!!"
    echo ""
    echo ""
    echo "System Binary Checksum Failure Listed Below"
    more whatever.txt
    sleep 4
    echo ""
    echo "Switching to Runlevel 1 - Perform Security Audit IMMEDIATELY!!!"
    telinit 1
    echo "MD5 Checksum Database VERIFIED - Operating System OK"
    echo "Hit [enter] key for logon"
    cd /
    /bin/umount /dev/fd0

    anyway enjoy, suggestions and improvemnts are always encouraged. I know its simple but it
    sure works well and fast, and its a little more peace of mind at nite hehe.

  2. #2
    Join Date
    Oct 2001
    Wow, Simple and useful..... Makes me want to install SlackWare just to use it

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts