Plugin to check MD5 sum on certain files

[Andreas Ericsson]

Dan Spray wrote:
> Okay, with all of that sorted out does anyone actually have an idea for a
> plugin?

Look into the mtree source and hack it up to fit your purpose.

>  I understand that it will not be 100% accurate 100% of the time.

Yes it will, provided noone (clever enough) breaks in.

> However, like Leif said in one of the threads, of the couple of systems that
> I have had infected over the years I have never had anyone overwrite the
> md5sum.

Did you really bother to look for rootkits or compromises (with external 
known-to-be-good binaries) as long as the checksum tests returned OK?

If so, I guess your workload must be about half that of the admin in 
general, or that you're working at a bank or something similar.

>  I'm not opposed to using another method, it is just what Big
> Brother had used.

A poor design choice isn't made better because people use it.

>  Basically I am not looking for a catch all or a false
> sense of security, I just want to know quickly if even my junior sysadmin
> messed up and installed the wrong package or upgraded the wrong thing.

Then look into wrapping mtree in perl/shell/ruby/whatever. It should be 
enough to safeguard against admin stupidity.

-- 
Andreas Ericsson                   andreas.ericsson at op5.se
OP5 AB                             www.op5.se
Lead Developer


-------------------------------------------------------
This SF.Net email is sponsored by:
Sybase ASE Linux Express Edition - download now for FREE
LinuxWorld Reader's Choice Award Winner for best database on Linux.
http://ads.osdn.com/?ad_id=5588&alloc_id=12065&op=click
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. 
::: Messages without supporting info will risk being sent to /dev/null