integrity is a simple script for checking system integrity and generating integrity hash files using mtree.
- Before starting, set the KEY variable to a seed value. This can be a ~20 digit number.
./integrity gen <path to directory>
sample command:
./integrity gen /int_sam
- This will generate the hash files hash_bin, hash_sbin, hash_etc and hash_usr in the /int_sam directory. These hash files will contain hashes of all files contained in /bin, /sbin, /etc and /usr.
- If integrity is started with the gen parameter on a folder that already contains hash_bin, hash_sbin, hash_usr, hash_etc, those files will be moved to a folder named old_hash.
- After every run of generating hash files, integrity will log status activity to /var/log/messages
Dec 11 13:22:14 SampleMachine [Integrity]: Generating new integrity hash files... Hash files location: /int_sam/. hash functions: cksum,md5digest,sha1digest,sha256digest
Dec 11 13:26:01 SampleMachine [Integrity]: Generating new integrity hash files completed!
- More folders will be added later, or more specifically an option to add more folders.
- integrity now also checks the hashes of bsd.rd and bsd.sp
./integrity ver <path to directory>
sample command:
./integrity ver /int_sam
- If the folder contains the hash files hash_bin, hash_sbin, hash_etc, hash_usr, integrity will check the integrity of all files contained in /bin, /sbin, /etc and /usr, and will report changes and status to root by mail.
- Same as the gen argument, ver will log activity to /var/log/messages
- integrity.sh needs to be in / (root dir) for installation to work
- Integrity can be started on boot, and verify all files and changes in specified folders.
./integrity install <path to directory>
sample command:
./integrity install /int_sam
- This will add ./integrity ver /int_sam to the rc.local file, which will run verification on every boot
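
The gen and ver steps described above can be sketched as follows. This is an added example, not the project's own script: it assumes OpenBSD mtree, and the names DIRS, KEYWORDS, gen_hashes, verify_hashes and the report_<name> files are hypothetical (KEY and the hash_<name> / old_hash names come from the description above).

```shell
#!/bin/sh
# Added example, not the project's integrity script.
KEY="${KEY:-12345678901234567890}"   # constructed seed value; set your own
DIRS="bin sbin etc usr"              # assumed variable name
KEYWORDS="cksum,md5digest,sha1digest,sha256digest"

# gen_hashes <dir>: move an existing hash set to <dir>/old_hash, then write
# one mtree specification per tree as <dir>/hash_<name>.
gen_hashes() {
    out=$1
    mkdir -p "$out" || return 1
    for d in $DIRS; do
        [ -f "$out/hash_$d" ] || continue
        mkdir -p "$out/old_hash" && mv "$out/hash_$d" "$out/old_hash/" || return 1
    done
    logger -t '[Integrity]' "Generating new integrity hash files... Hash files location: $out"
    for d in $DIRS; do
        # -c prints a specification, -K adds keywords,
        # -s prints a seeded aggregate checksum on stderr
        mtree -c -K "$KEYWORDS" -s "$KEY" -p "/$d" > "$out/hash_$d" || return 1
    done
    logger -t '[Integrity]' "Generating new integrity hash files completed!"
    return 0
}

# verify_hashes <dir>: compare each tree with its stored specification.
# Prints the trees that differ; returns 0 if none, 2 if any, 1 on error.
# The per-tree details are written to <dir>/report_<name>.
verify_hashes() {
    out=$1
    result=0
    for d in $DIRS; do
        [ -f "$out/hash_$d" ] || return 1
        rc=0
        mtree -s "$KEY" -p "/$d" -f "$out/hash_$d" > "$out/report_$d" || rc=$?
        case $rc in
            0) ;;
            2) echo "/$d"; result=2 ;;   # mtree exits 2 when the tree differs
            *) return 1 ;;
        esac
    done
    return "$result"
}
```
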