On Mon, Aug 11, 2003 at 09:02:15PM -0400, Jeff Kinz wrote:
> > I run a regular rpmverify script to automatically go through every
> > installed package and e-mail a report. It's much less management than
> > tripwire (although not quite as effective). Let me know if you want the
> > script.
> >
> If it's not too long, Ed could you post it to the list?
>
> I usually find just seeing good scripts to be educational. And many
> times I add them to my collection: "Pile O' Stuff That's useful"

It's attached. It came to me as an old Mandrake src rpm containing just the
script, but I did an rpmfind and can only find an older version than what
I've got.

Enjoy!
.../Ed

-- 
Ed Wilts, Mounds View, MN, USA
mailto:[EMAIL PROTECTED]
Member #1, Red Hat Community Ambassador Program

#!/bin/sh
# $Id: rpmverify.sh,v 0.5-1 1999/03/01 13:00:23 scamper Exp $
#
# This script was written by Garen Erdoisa to verify the installed redhat rpm
# packages once a month under the control of the root crontab. The script
# should be located at /etc/cron.monthly/rpmverify in a redhat 5.x install.
# for more information on redhat linux, see http://www.redhat.com/
#
# See the changelog in the rpm package for version information.
#
# Copyright 1997-1999 by Garen L. Erdoisa
# Licence Terms: GNU General Public Licence Version 2 as published
# by the Free Software Foundation.
# Permission is granted to freely use, distribute, and/or modify this script
# for use on your system provided that credits to the author are maintained.
# The author can be contacted at the following email addresses:
# [EMAIL PROTECTED]
# [EMAIL PROTECTED]

TMPDIR=/tmp/rpmverify.$$.$RANDOM
CALL=`ps $PPID |grep run-parts |awk '{print $6}'`

echo "/etc/cron.monthly/rpmverify"
if ! [ -d $TMPDIR ]; then
{
  echo "creating directory $TMPDIR"
  # Plain mkdir (no -p) fails if the path already exists, so a directory that
  # appeared after the check above is never reused for a script run as root.
  mkdir $TMPDIR || exit 1
  chown root.root $TMPDIR
  chmod 750 $TMPDIR
}
else
{
  echo "Unexpected error: $TMPDIR directory already exists, "
  echo "rpmverify expects this directory to not exist before"
  echo "it runs the rpm verification."
  echo "Try examining the contents of $TMPDIR then"
  echo "possibly remove it and run this script again manually."
  echo "rpmverify Aborted."
  exit 1
}
fi
cd $TMPDIR

# Uncomment only one of the following:

# Alternate verify method as user nobody that allows verify scripts that are
# a part of the rpm to be run somewhat safely.
# rpm -qa --queryformat "echo \'---------\' ; echo \'Verifying %{GROUP}/%{NAME}-%{VERSION}-%{RELEASE}.%{ARCH}.rpm\ as user nobody' ; su -l nobody -c \"rpm -Vv %{NAME}-%{VERSION}-%{RELEASE}\" ; sleep 1 ; if \[ -f core \]; then exit 1 ; fi\n" |sort >$TMPDIR/rpmverify.script

# Normal verify method as root with the --noscripts switch to avoid trojan verify
# scripts that may be built into the rpm being verified.
rpm -qa --queryformat "echo \'---------\' ; echo \'Verifying %{GROUP}/%{NAME}-%{VERSION}-%{RELEASE}.%{ARCH}.rpm --noscripts\' ; rpm -Vv --noscripts %{NAME}-%{VERSION}-%{RELEASE} ; sleep 1 ; if \[ -f core \]; then exit 1 ; fi\n" |sort >$TMPDIR/rpmverify.script

# uncomment this if you want a normal verify as root with the verification
# scripts that are built into the rpm packages to run.
# This is a possible security risk.
# rpm -qa --queryformat "echo \'---------\' ; echo \'Verifying %{GROUP}/%{NAME}-%{VERSION}-%{RELEASE}.%{ARCH}.rpm\' ; rpm -Vv %{NAME}-%{VERSION}-%{RELEASE} ; sleep 1 ; if \[ -f core \]; then exit 1 ; fi\n" |sort >$TMPDIR/rpmverify.script

chmod u+x $TMPDIR/rpmverify.script
nice -n 10 $TMPDIR/rpmverify.script 2>&1 |cat >$TMPDIR/temp2
if [ -f $TMPDIR/core ]; then
{
  echo "core dumpped while executing $TMPDIR/rpmverify.script"
  echo "suggest rpm --install --force on the rpm package that caused the coredump during verify."
  echo "script aborted."
  vdir $TMPDIR/core
  exit 1
}
else
{
  (
    echo "S File size"
    echo "M Mode (includes permissions and file type)"
    echo "5 MD5 checksum"
    echo "D DeviceD"
    echo "L Symlink"
    echo "U User"
    echo "G Group"
    echo "T Modification Time"
    echo " c File is a modified Config file"
  ) 2>&1 |cat >$TMPDIR/temp3
  if [ "$CALL" = "/usr/bin/run-parts" ]; then
    # the mail will be sent by crontab
    cat $TMPDIR/temp3
    cat $TMPDIR/temp2
  else
    # we were called manually, so have to mail the results.
    (
      cat $TMPDIR/temp3
      cat $TMPDIR/temp2
    ) 2>&1 |mail -s "manual rpmverify" root
  fi
  #cleanup
  rm -f $TMPDIR/temp2 $TMPDIR/temp3 $TMPDIR/rpmverify.script
  cd /root
  find /tmp -type d -links 2 -maxdepth 1 -path "$TMPDIR" -exec echo "/etc/cron.monthly/rpmverify: cleanup - removing empty directory {}" \; -exec rmdir {} \;
}
fi
exit 0
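
Added example, not part of the original post or of Garen Erdoisa's script: because the script runs rpm -Vv, the mailed report lists every file, changed or not, so a small filter helps surface the lines worth reading. The function name, the severity rules and the sample package and file names are assumptions made for this illustration.

```sh
#!/bin/sh
# Added example (not part of rpmverify): triage the report the script mails.
# Severity rules and all sample package/file names below are assumptions.

# Constructed sample: the "---------" / "Verifying ..." banners the script
# echoes, followed by rpm -Vv lines (all-dot lines are unchanged files).
sample_report() {
cat <<'EOF'
---------
Verifying System Environment/Base/initscripts-7.14-1.i386.rpm --noscripts
S.5....T c /etc/inittab
........   /etc/rc.d/rc
---------
Verifying Applications/Internet/openssh-clients-3.5p1-6.i386.rpm --noscripts
..5....T   /usr/bin/ssh
.M...UG.   /usr/bin/scp
missing    /usr/share/man/man1/ssh.1.gz
---------
Verifying System Environment/Base/setup-2.5.25-1.noarch.rpm --noscripts
.......T c /etc/profile
EOF
}

# Reads a report on stdin; prints one tab-separated line per finding:
#   severity  package  flags  path
triage_rpmverify() {
  awk '
    # Banner: the group may contain spaces, so the package is whatever
    # follows the last "/" up to the next space.
    $1 == "Verifying" { n = split($0, p, "/"); pkg = p[n]; sub(/ .*/, "", pkg); next }
    $1 == "missing" || (length($1) >= 8 && $1 ~ /^[.?SM5DLUGTP]+$/) {
      flags = $1
      if (flags ~ /^\.+$/) next                  # passed every test
      attr = ($2 ~ /^[cdglr]$/) ? $2 : ""        # c = config file
      path = $0; sub(/^[^ ]+ +([cdglr] +)?/, "", path)
      if (flags == "missing")    sev = "REVIEW"
      else if (attr == "c")      sev = "INFO"    # edited config: expected
      else if (flags ~ /[5MUG]/) sev = "HIGH"    # content, mode or owner
      else                       sev = "REVIEW"  # size/time/link only
      printf "%s\t%s\t%s\t%s\n", sev, pkg, flags, path
    }
  '
}

# Show the HIGH findings first when run directly.
sample_report | triage_rpmverify | sort
```

To use it on a real run, feed it the saved report body instead of the sample, for example the contents of the mail the cron job sends to root.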