動作は単純だが、初めからフルスクラッチで書くのは大儀なので、備忘録として掲載しておく。
crontab(1) に突っ込む際は、コンテンツファイルの読み出し権限のあるユーザーで回すこと。
ex. crontab -u www
デフォルトだと、監視対象のディレクトリは以下の通り。
www/example.co.jp/cgi-bin
www/example.co.jp/data
ログ置き場ディレクトリは以下の通り。
/var/log/tamperingdetection/
crontab
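MAILTO=管理者のメールアドレス
# Send mail stamped in Japan Standard Time if wanted. crontab(5) does not allow
# a comment on the same line as an environment setting (everything after the
# "=" becomes the value), so the comment has to stay on its own line.
TZ=JST-09
# Take a fresh sum of the content directories and mail any difference.
0,30 * * * * /usr/local/bin/CHECKSUM.sh
# Ten minutes after each check, drop the older sum file when it equals the new one.
10,40 * * * * /usr/local/bin/DELETESUM.sh
# Archive yesterday's sum files and prune the ones from the day before.
@daily /usr/local/bin/LOGROTATE.sh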
/usr/local/bin/CHECKSUM.sh
#!/bin/sh
#
# Web data tamper monitoring script
# 2016/01/15 by JE3KMZ
# 2016/02/01 modify JE3KMZ
# Excluded "other_status/index.html"
#
trap 'cleanExit 0' INT
oldfiles=${TMP:-/tmp}/_mente_OLDFILES.$$
newfiles=${TMP:-/tmp}/_mente_NEWFILES.$$
lostfiles=${TMP:-/tmp}/_mente_LOSTFILES.$$
makefiles=${TMP:-/tmp}/_mente_MAKEFILES.$$
allfiles=${TMP:-/tmp}/_mente_ALLFILES.$$
lostoutput=${TMP:-/tmp}/_mente_LOSTOUTPUT.$$
makeoutput=${TMP:-/tmp}/_mente_MAKEOUTPUT.$$
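#######################################
# Remove the temporary work files and exit.
# Globals:   oldfiles newfiles lostfiles makefiles allfiles lostoutput
#            makeoutput (read); f is left set, /bin/sh has no "local"
# Arguments: $1 - exit status, defaults to 0
#######################################
cleanExit() {
  for f in "${oldfiles}" "${newfiles}" "${lostfiles}" "${makefiles}" \
    "${allfiles}" "${lostoutput}" "${makeoutput}"; do
    # A name that is still unset is skipped rather than passed to rm as "";
    # "--" keeps rm from reading an odd ${TMP} value as an option.
    [ -n "${f}" ] && /bin/rm -f -- "${f}"
  done
  exit "${1:-0}"
}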
# Minute-resolution JST timestamps: NOW names this run's sum files, OLD the
# baseline written by the previous run 30 minutes earlier (crontab: 0,30).
# NOTE(review): the baseline name is derived from the clock, not from the
# newest file present. If cron starts this script even one minute late the
# ${OLD} files will not exist, the diff errors below are discarded by
# "2> /dev/null", and the run silently reports nothing.
NOW=`/usr/bin/env TZ=JST-09 /bin/date +'%Y%m%d%H%M'`
OLD=`/usr/bin/env TZ=JST-09 /bin/date -v-30M +'%Y%m%d%H%M'`
# Sum files live in /var/log/tamperingdetection, so the cron user needs write
# access there as well as read access to the content directories. Anything
# running as that user can therefore rewrite the baseline as well; the log
# directory is part of the trust boundary.
DATANOW=/var/log/tamperingdetection/${NOW}-datadir.sum
CGINOW=/var/log/tamperingdetection/${NOW}-cgidir.sum
DATAOLD=/var/log/tamperingdetection/${OLD}-datadir.sum
CGIOLD=/var/log/tamperingdetection/${OLD}-cgidir.sum
# Hash every regular file under each content directory, one "<hash> <path>"
# line per file, excluding other_status/index.html (see 2016/02/01 note).
# If cd fails nothing is written and the next comparison fails silently.
# NOTE(review): "find *" skips top-level dot-files (a .htaccess directly in
# the directory, for instance) because the glob never matches them, and
# "2> /dev/null" hides files that could not be read; both are blind spots.
# "find . -type f" with stderr left visible would cover them.
cd /www/example.co.jp/data && /usr/bin/find * -type f -exec /sbin/sha256 -r "{}" \+ 2> /dev/null | /usr/bin/grep -v "other_status/index.html" > ${DATANOW}
cd /www/example.co.jp/cgi-bin && /usr/bin/find * -type f -exec /sbin/sha256 -r "{}" \+ 2> /dev/null | /usr/bin/grep -v "other_status/index.html" > ${CGINOW}
# Unified diff of baseline vs. current, minus the two ---/+++ header lines
# ("tail +3" is the obsolescent spelling of "tail -n +3"). Removed lines are
# baseline entries that changed or vanished (${oldfiles}); added lines are
# current entries that are new or changed (${newfiles}). A tampered file
# shows up on both sides with different hashes.
/usr/bin/diff -up ${DATAOLD} ${DATANOW} 2> /dev/null | /usr/bin/tail +3 | /usr/bin/grep "^-" | /usr/bin/sed 's|^-||' > ${oldfiles}
/usr/bin/diff -up ${CGIOLD} ${CGINOW} 2> /dev/null | /usr/bin/tail +3 | /usr/bin/grep "^-" | /usr/bin/sed 's|^-||' >> ${oldfiles}
/usr/bin/diff -up ${DATAOLD} ${DATANOW} 2> /dev/null | /usr/bin/tail +3 | /usr/bin/grep "^\+" | /usr/bin/sed 's|^+||' > ${newfiles}
/usr/bin/diff -up ${CGIOLD} ${CGINOW} 2> /dev/null | /usr/bin/tail +3 | /usr/bin/grep "^\+" | /usr/bin/sed 's|^+||' >> ${newfiles}
# Diff the two lists against each other: lines only in ${oldfiles} go to
# ${lostfiles}, lines only in ${newfiles} to ${makefiles}.
/usr/bin/diff -up ${oldfiles} ${newfiles} | /usr/bin/tail +3 | /usr/bin/grep "^-" | /usr/bin/sed 's|^-||' > ${lostfiles}
/usr/bin/diff -up ${oldfiles} ${newfiles} | /usr/bin/tail +3 | /usr/bin/grep "^\+" | /usr/bin/sed 's|^+||' > ${makefiles}
# Union of both lists reduced to the lines that occur once. sort and uniq are
# driven with the obsolete "+N" key syntax here; confirm its meaning against
# the sort(1)/uniq(1) of the target host before changing this line.
/bin/cat ${lostfiles} ${makefiles} | /usr/bin/sort +2 | /usr/bin/uniq -u +2 > ${allfiles}
# Everything printed from here goes to stdout, which cron mails to MAILTO;
# when nothing changed no output is produced and no mail is sent. Each alert
# fires once: 30 minutes later the changed state is the new baseline, so the
# mail is the only record of the event.
if [ -s ${allfiles} ] ; then
/bin/echo 変更されたファイル
# Path is the second field, so a path containing a space is cut at the space.
/usr/bin/awk '{print $2}' ${allfiles} | /usr/bin/sort | /usr/bin/uniq
/bin/echo
fi
# Lines present in both ${allfiles} and ${lostfiles}: files that disappeared,
# printed as "<path> <hash>".
/usr/bin/sort ${allfiles} ${lostfiles} | /usr/bin/uniq -d | /usr/bin/awk '{print $2" "$1}' > ${lostoutput}
if [ -s ${lostoutput} ] ; then
/bin/echo 無くなったファイル
/bin/cat ${lostoutput}
/bin/echo
fi
# Lines present in both ${allfiles} and ${makefiles}: files that appeared or
# changed, printed as "<path> <hash>".
/usr/bin/sort ${allfiles} ${makefiles} | /usr/bin/uniq -d | /usr/bin/awk '{print $2" "$1}' > ${makeoutput}
if [ -s ${makeoutput} ] ; then
/bin/echo 増えたファイル
/bin/cat ${makeoutput}
/bin/echo
fi
# Remove the work files and exit 0.
cleanExit 0
/usr/local/bin/DELETESUM.sh
#!/bin/sh
#
# Web data tamper monitoring script
# 2016/01/15 by JE3KMZ
#
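# NOW names the sum files CHECKSUM.sh wrote ten minutes ago; OLD names the
# baseline it compared them against, 30 minutes before that. crontab runs
# this job at 10,40 and CHECKSUM.sh at 0,30, so the names line up only when
# both jobs started on the minute; otherwise nothing matches and nothing is
# pruned. diff's stderr is left visible so cron mails that case.
NOW=$(/usr/bin/env TZ=JST-09 /bin/date -v-10M +'%Y%m%d%H%M')
OLD=$(/usr/bin/env TZ=JST-09 /bin/date -v-40M +'%Y%m%d%H%M')
logdir=/var/log/tamperingdetection
DATANOW=${logdir}/${NOW}-datadir.sum
CGINOW=${logdir}/${NOW}-cgidir.sum
DATAOLD=${logdir}/${OLD}-datadir.sum
CGIOLD=${logdir}/${OLD}-cgidir.sum
# Keep only the newer of two identical sum files. diff -q exits 0 only when
# both files exist and match, so a missing or differing baseline is never
# deleted; "--" keeps rm from treating an odd name as an option.
if /usr/bin/diff -q "${DATAOLD}" "${DATANOW}" > /dev/null; then
  /bin/rm -f -- "${DATAOLD}"
fi
if /usr/bin/diff -q "${CGIOLD}" "${CGINOW}" > /dev/null; then
  /bin/rm -f -- "${CGIOLD}"
fi
exit 0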
/usr/local/bin/LOGROTATE.sh
#!/bin/sh
#
# Web data tamper monitoring script
# 2016/01/15 by JE3KMZ
# 2017/05/18 modify JE3KMZ
#
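# NOW: yesterday, whose sum files are archived by this run. OLD: the day
# before, whose raw sum files were archived by the previous run and are
# removed here. LASTMONTH names the monthly roll-up; LASTMONTHDAY is used
# only by the disabled rm at the end.
logdir=/var/log/tamperingdetection
NOW=$(/usr/bin/env TZ=JST-09 /bin/date -v-1d +'%Y%m%d')
OLD=$(/usr/bin/env TZ=JST-09 /bin/date -v-2d +'%Y%m%d')
LASTMONTH=$(/usr/bin/env TZ=JST-09 /bin/date -v-1m +'%Y%m')
LASTMONTHDAY=$(/usr/bin/env TZ=JST-09 /bin/date -v-1m -v-1d +'%Y%m%d')
# Work from the log directory so archive members carry relative names.
if cd "${logdir}"; then
  # Archive yesterday's sum files; a failure is reported on stderr by
  # bsdtar itself and reaches the admin through cron's mail.
  /usr/bin/bsdtar \
    --create \
    --xz \
    --numeric-owner \
    --options=xz:compression-level=9 \
    --file "${logdir}/${NOW}.tar.xz" "${NOW}"*.sum
  # Remove the day-before's raw sums only when their archive actually exists,
  # so a run on which archiving failed (full disk, missing xz) does not
  # destroy the only copy of that day's evidence.
  if [ -s "${logdir}/${OLD}.tar.xz" ]; then
    /bin/rm -f -- "${OLD}"*.sum
  else
    printf '%s: %s.tar.xz missing, keeping %s*.sum\n' "${0##*/}" "${OLD}" "${OLD}" >&2
  fi
  # Monthly roll-up of last month's daily archives. This runs on every daily
  # invocation and rebuilds the same file each time; the daily archives are
  # kept (the rm below is disabled), so the roll-up duplicates them.
  /usr/bin/bsdtar \
    --create \
    --xz \
    --numeric-owner \
    --options=xz:compression-level=9 \
    --file "${LASTMONTH}.tar.xz" "${LASTMONTH}"??.tar.xz
  #/bin/rm -f "${logdir}/${LASTMONTHDAY}.tar.xz"
else
  printf '%s: cannot cd to %s\n' "${0##*/}" "${logdir}" >&2
fi
exit 0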