Plugin to check MD5 sum on certain files
Andreas Ericsson
ae at op5.se
Sat Nov 6 01:47:02 CET 2004
Dan Spray wrote:
> A long time ago I used Big Brother for monitoring. They had a check that I
> could use where I had pasted the md5sum value into a text file, burned it
> onto CD and then the current md5sum of a particular file was checked against
> the known good copy. I would like to get something else like this again
> only using Nagios.
>
> What I am after is if someone gets in and changes say the /bin/ls command
> that I would know about it before just finding that the command doesn't work
> anymore.
>
Putting only the checksum files on non-writable media is just an
exercise in futility, because anyone shrewd enough to replace your ls
will be shrewd enough to replace your md5sum program as well. Putting
the md5sum program as well on the disk won't work either, because with
enough access to overwrite files in /usr/bin they would also be able to
change the script that's supposed to run or its configuration, or
unmount the CD and put any file they want in the directory it was
mounted under (or create a loopback filesystem and mount read-only to
simulate a CD) or... Well, I'm sure you see the point.

If you're really desperate to make sure files don't change (typically
firewalls would want this), look into running a system entirely off of
CD-ROM. There are a number of good distributions that support this. I
think Owl is the most sensible choice for a server.
--
Andreas Ericsson andreas.ericsson at op5.se
OP5 AB www.op5.se
Lead Developer
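
The kind of check asked about in the quoted message, as an added example that is not part of the original thread: a hypothetical Nagios-style plugin that compares files against a baseline manifest in `sha256sum`/`md5sum` format. It uses SHA-256 by default rather than the MD5 mentioned in the thread, the manifest name `baseline.sha256` and all function names are assumptions, and, as the reply argues, its result only means something while the interpreter, the plugin and the manifest on the monitored host are themselves unmodified.

```python
# Added example: hypothetical Nagios plugin, not code from the thread.
import hashlib
import sys

OK, CRITICAL, UNKNOWN = 0, 2, 3  # standard Nagios plugin exit codes


def file_digest(path, algo="sha256"):
    """Hash a file in chunks so large binaries are not read into memory."""
    h = hashlib.new(algo)
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def load_manifest(path):
    """Parse 'HEXDIGEST  /path' lines, the format sha256sum/md5sum write."""
    manifest = {}
    with open(path, encoding="utf-8") as fh:
        for line in fh:
            if line.strip():
                digest, name = line.rstrip("\n").split(None, 1)
                manifest[name.lstrip("*")] = digest.lower()
    return manifest


def check(manifest_path, algo="sha256"):
    """Return (exit_code, status_line) in the form Nagios expects."""
    try:
        manifest = load_manifest(manifest_path)
    except (OSError, ValueError) as exc:
        return UNKNOWN, f"UNKNOWN - cannot read manifest: {exc}"
    if not manifest:  # an empty baseline must not report success
        return UNKNOWN, "UNKNOWN - manifest is empty"
    bad = []
    for name, expected in sorted(manifest.items()):
        try:
            if file_digest(name, algo) != expected:
                bad.append(f"{name} (changed)")
        except OSError:  # a removed or unreadable file is also a finding
            bad.append(f"{name} (unreadable)")
    if bad:
        return CRITICAL, "CRITICAL - " + ", ".join(bad)
    return OK, f"OK - {len(manifest)} files match baseline"

if __name__ == "__main__":
    # "baseline.sha256" is an assumed default manifest name.
    code, message = check(sys.argv[1] if len(sys.argv) > 1 else "baseline.sha256")
    print(message)
    sys.exit(code)
```
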
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users