Plugin to check MD5 sum on certain files

Andreas Ericsson ae at op5.se
Sat Nov 6 01:47:02 CET 2004


Dan Spray wrote:
> A long time ago I used Big Brother for monitoring.  They had a check that I
> could use where I had pasted the md5sum value into a text file, burned it
> onto CD and then the current md5sum of a particular file was checked against
> the known good copy.  I would like to get something else like this again
> only using Nagios.
> 
> What I am after is if someone gets in and changes say the /bin/ls command
> that I would know about it before just finding that the command doesn't work
> anymore.
> 

Putting only the checksum files on non-writable media is just an 
exercise in futility, because anyone shrewd enough to replace your ls 
will be shrewd enough to replace your md5sum program as well. Putting 
the md5sum program as well on the disk won't work either, because with 
enough access to overwrite files in /usr/bin they would also be able to 
change the script that's supposed to run or its configuration, or 
unmount the CD and put any file they want in the directory it was 
mounted under (or create a loopback filesystem and mount read-only to 
simulate a CD) or... Well, I'm sure you see the point.

If you're really desperate to make sure files don't change (typically 
firewalls would want this), look into running a system entirely off of 
CD-ROM. There are a number of good distributions that support this. I 
think Owl is the most sensible choice for a server.

-- 
Andreas Ericsson                   andreas.ericsson at op5.se
OP5 AB                             www.op5.se
Lead Developer


-------------------------------------------------------
This SF.Net email is sponsored by:
Sybase ASE Linux Express Edition - download now for FREE
LinuxWorld Reader's Choice Award Winner for best database on Linux.
http://ads.osdn.com/?ad_id=5588&alloc_id=12065&op=click
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. 
::: Messages without supporting info will risk being sent to /dev/null





More information about the Users mailing list