?: Directory checksum - Slackware

This is a discussion on ?: Directory checksum - Slackware ; PTM: Is there any method to see if some file is changed in a directory ? I'd like build a script, which informs me, when some file in certain directory has been edited in my server. There is about 500 ...

+ Reply to Thread
Results 1 to 9 of 9

Thread: ?: Directory checksum

  1. ?: Directory checksum

    PTM: Is there any method to see if some file is changed in a directory ?

    I'd like build a script, which informs me, when some file in certain
    directory has been edited in my server. There is about 500 files, so I
    think it is too heavy to make a copy of them and make a file compare.

  2. Re: ?: Directory checksum

    PTM wrote:

    > Is there any method to see if some file is changed in a directory ?


    There are various ways, including process accounting, rudimentary
    methods like examining an ls listing, or more likely taking an md5sum of
    the file and comparing to a trusted value.

    > I'd like build a script, which informs me, when some file in certain
    > directory has been edited in my server. There is about 500 files, so I
    > think it is too heavy to make a copy of them and make a file compare.


    If you really want to build it, your best bet is likely to base it on
    md5sum. If you prefer just to have something that will do that job,
    have a look at Aide: http://www.cs.tut.fi/~rammer/aide.html

    I hope that helps ...

    --
    ----------------------------------------------------------------------
    Sylvain Robitaille syl@alcor.concordia.ca

    Network and Systems analyst Concordia University
    Instructional & Information Technology Montreal, Quebec, Canada
    ----------------------------------------------------------------------

  3. Re: ?: Directory checksum

    On Tue, 22 Jan 2008, PTM wrote:

    > PTM: Is there any method to see if some file is changed in a directory ?
    >
    > I'd like build a script, which informs me, when some file in certain
    > directory has been edited in my server. There is about 500 files, so I think
    > it is too heavy to make a copy of them and make a file compare.


    md5sum !

    --
    William Hunt, Portland Oregon USA

  4. Re: ?: Directory checksum

    PTM wrote:
    > PTM: Is there any method to see if some file is changed in a directory ?
    >
    > I'd like build a script, which informs me, when some file in certain
    > directory has been edited in my server. There is about 500 files, so I
    > think it is too heavy to make a copy of them and make a file compare.


    I haven't used it myself, but you might want to look at fam (File
    Alteration Monitor) http://oss.sgi.com/projects/fam/

    It's just an API, so you'll have to make your own front end.

    Steve

  5. Re: ?: Directory checksum

    On 2008-01-22, PTM wrote:
    > PTM: Is there any method to see if some file is changed in a directory ?
    >
    > I'd like build a script, which informs me, when some file in certain
    > directory has been edited in my server. There is about 500 files, so I
    > think it is too heavy to make a copy of them and make a file compare.


    find has options for that sort of thing. You can do things like:

    find /dir -type f -mmin -20 >> /dir/logfile

    Find regular files that were modified less than 20 minutes ago in the directory
    /dir (and all subdirectories) and record the results in logfile /dir/logfile

    There are several other related options. See the TESTS section in the manpage

    Tom

    --
    calhobbit
    at gee mail dot com


  6. Re: ?: Directory checksum

    On 2008-01-22, Tom N wrote:
    > On 2008-01-22, PTM wrote:
    >> PTM: Is there any method to see if some file is changed in a directory ?
    >>
    >> I'd like build a script, which informs me, when some file in certain
    >> directory has been edited in my server. There is about 500 files, so I
    >> think it is too heavy to make a copy of them and make a file compare.

    >
    > find has options for that sort of thing. You can do things like:
    >
    > find /dir -type f -mmin -20 >> /dir/logfile
    >
    > Find regular files that were modified less than 20 minutes ago in the directory
    > /dir (and all subdirectories) and record the results in logfile /dir/logfile
    >
    > There are several other related options. See the TESTS section in the manpage
    >
    > Tom
    >


    A complete, useful script would look like this:

    ----------------
    #!/bin/bash

    # do the following until the script is terminated

    while :

    do

    echo "" >> /dir/logfile # insert a blank line for readability
    date >> /dir/logfile # insert the date and time
    find /dir -type f -mmin -20 >> /dir/logfile

    sleep 1200 # take a break for 20 minutes

    done

    ----------

    Make the script executable with:

    chomod +rx scriptname # name it whatever you like. Choose a name that will
    # tell you what the script does and put .sh after the
    # name to tell you it's a script rather than an ELF executable

    And put it in your PATH. /usr/local/bin would be a good choice

    Then you can have it come up on boot by putting the full path at the bottom
    of /etc/rc.d/rc.S

    Or you could use cron and just make the script look like this:

    ----------------------
    #!/bin/bash

    echo "" >> /dir/logfile # insert a blank line for readability
    date >> /dir/logfile # insert the date and time
    find /dir -type f -mmin -20 >> /dir/logfile
    ----------------

    Tom

    --
    calhobbit
    at gee mail dot com


  7. Re: ?: Directory checksum

    PTM wrote:
    > PTM: Is there any method to see if some file is changed in a directory ?
    >
    > I'd like build a script, which informs me, when some file in certain
    > directory has been edited in my server. There is about 500 files, so I
    > think it is too heavy to make a copy of them and make a file compare.


    Something like tripwire?
    http://www.onlamp.com/pub/a/bsd/2003...SD_Basics.html

  8. Re: ?: Directory checksum

    On 2008-01-22, PTM wrote:
    > PTM: Is there any method to see if some file is changed in a directory ?
    >
    > I'd like build a script, which informs me, when some file in certain
    > directory has been edited in my server. There is about 500 files, so I
    > think it is too heavy to make a copy of them and make a file compare.



    Using inotify-tools, you should be able to do this just fine.

    -RW

  9. Re: ?: Directory checksum -Thank you

    Robby Workman wrote:
    > Using inotify-tools, you should be able to do this just fine.

    PTM: This seems to be what I was looking for. Thank you !
    There is some scripts, who make changes to certain files and besides
    that I would like to make some security tests, because I know there is
    some leaks in my system. I'll build a kind of 'sandbox'.

+ Reply to Thread