#!/bin/bash
#
# check_checksums - Nagios plugin to check file checksums
# against (local, not 100% secure) lists.
# Supports md5 sha1 sha224 sha256 sha384 sha512 checksums.
#
#
# Copyright (C) 2013 Bernd Zeimetz <b.zeimetz@conova.com>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
# Anything this plugin creates (the temporary files further down) is
# readable and writable by the invoking user only.
umask 077

# Help request: print the usage text and leave with status 3, which Nagios
# reports as UNKNOWN. "${1-}" is empty when no argument was given, so the
# case falls through and the check itself runs.
# NOTE(review): as the usage text says, the reference lists live on the
# monitored host. Whoever can write them can make a modified file pass, so
# the check only covers changes made without write access to the lists.
case "${1-}" in
  -h | --help | help)
    cat <<__EOH__
$0 - Nagios plugin to check file checksums
------------------------------------------
The plugin supports md5 sha1 sha224 sha256 sha384 sha512 checksums.
As the lists are stored local it is not 100% secure.
Usage:
For each file you want to monitor write the current checksum
into the stored file list. Use the checksum tool you prefer,
probably depending on your CPU power.
sha512sum /path/to/the/file >> /etc/nagios/check_checksums.sha512
sha384sum /path/to/the/file >> /etc/nagios/check_checksums.sha384
sha256sum /path/to/the/file >> /etc/nagios/check_checksums.sha256
sha224sum /path/to/the/file >> /etc/nagios/check_checksums.sha224
sha1sum /path/to/the/file >> /etc/nagios/check_checksums.sha1
md5sum /path/to/the/file >> /etc/nagios/check_checksums.md5
Set useful file permissions:
chown root:nagios /etc/nagios/check_checksums.*
chmod 0640 /etc/nagios/check_checksums.*
Run
$0
in nrpe or nagios to check if the checksums are still the same.
It will return UNKNOWN if there is no checksum file at all.
To update *ALL* stored checksums please run
/usr/lib/nagios/update_checksums
and all checksum files will be updated. A copy of the original file will
be stored in /etc/nagios.
__EOH__
    exit 3
    ;;
esac
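# Decide whether the checksum tools are called with --strict, which makes
# --check exit non-zero on malformed list lines instead of only warning.
# The decision is keyed on the installed coreutils version (>= 8.13) as
# recorded in the dpkg database, so it only works on dpkg-based systems.
#
# The version is handed to dpkg as one quoted word: if dpkg-query prints
# nothing, dpkg compares an empty version (older than any real one) and the
# plugin falls back to non-strict mode instead of calling dpkg with a
# malformed argument list.
#
# NOTE(review): without --strict a damaged or truncated list line is skipped
# with a warning only, so the file it named is no longer verified.
coreutils_version=$(dpkg-query -W -f='${Version}' coreutils)
if dpkg --compare-versions "${coreutils_version}" ge 8.13; then
  STRICT="--strict"
else
  STRICT=""
fi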
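# Start from UNKNOWN (Nagios status 3); the result only changes once a
# checksum list has actually been found and checked.
RET=3
OUT="UNKNOWN"

# Scratch files for the tools' stdout (failed entries) and stderr (warnings).
# The trap is installed before the files exist and expands the names at exit
# time, so whatever was created is removed on every exit path.
tmp_out=""
tmp_err=""
trap 'rm -f -- "${tmp_out}" "${tmp_err}"' EXIT

# Without the scratch files no result can be collected: report UNKNOWN
# rather than running the check with broken redirections.
if ! tmp_out=$(mktemp) || ! tmp_err=$(mktemp); then
  echo "UNKNOWN - cannot create temporary files"
  exit 3
fi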
# Verify every list that exists, one per supported digest. Each list is
# checked with the matching coreutils tool (md5sum, sha1sum, ...).
# NOTE(review): md5 and sha1 are not collision-resistant; for tamper
# detection prefer the sha256 or stronger lists.
for t in md5 sha1 sha224 sha256 sha384 sha512; do
  fname="/etc/nagios/check_checksums.${t}"
  tool="${t}sum"

  # No list for this digest: nothing to verify.
  [ -f "${fname}" ] || continue

  # The first list found moves the result from UNKNOWN to OK; a CRITICAL
  # set by an earlier list is left untouched.
  if [ "${RET}" -eq 3 ]; then
    RET=0
    OUT="OK"
  fi

  # --quiet drops the per-file OK lines, so stdout holds only failures.
  # ${STRICT} stays unquoted on purpose: when empty it must vanish instead
  # of becoming an empty argument.
  err=0
  "${tool}" --quiet ${STRICT} --check "${fname}" >>"${tmp_out}" 2>>"${tmp_err}" || err=$?

  # Any non-zero exit from the tool makes the whole check CRITICAL.
  if [ "${err}" -ne 0 ]; then
    RET=2
    OUT="CRITICAL"
  fi
done
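# Report the result in Nagios plugin format: status text, then the failed
# entries, then performance data ("failed" = number of lines the tools
# wrote to stdout).
if [ "${RET}" -eq 0 ]; then
  echo "OK - all checksums verified | failed=0;1;1;0;"
else
  printf '%s - ' "${OUT}"
  if [ "${RET}" -eq 3 ]; then
    # RET is still 3 only when no list file was found, so there is no tool
    # output to show; say so instead of printing an empty status text.
    # NOTE(review): removing every list also ends up here, so UNKNOWN from
    # this check should be alerted on rather than ignored.
    printf '%s' "no checksum lists found in /etc/nagios"
  else
    # Join the tools' warnings into one line, separated by "/".
    sed 's,WARNING: ,,' "${tmp_err}" | tr '\n' '/' | sed 's,/$,,'
  fi
  echo
  cat "${tmp_out}"
  count=$(wc -l <"${tmp_out}")
  echo "| failed=${count};1;1;0;"
  # Keep a record of the failed entries in syslog as well.
  /usr/bin/logger -p user.err -t check_checksums -f "${tmp_out}"
fi
rm -f -- "${tmp_out}" "${tmp_err}"
exit "${RET}"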