Shell Script To Track File Changes

Below shell script can be used for checking whether files in a directory is tampered or changed meanwhile. We as an administrator use it when there is high sensitive data in files or in  a server where all passwords and library files are stored.

Once run in a directory it creates a database file File_record.md5 of all files present in that directory and we keep that file for reference and we check it each weekly whether any files containing security informations are tampered. Usually it is required when you have a high volume server hosted and its online to internet.

Note: You have to run it once to get record of current status.On next run it will show if anything got changed. It uses md5sum to check.

#!/bin/bash
# integrity.sh: Checking whether files in a given directory
# have been tampered with.
E_DIR_NOMATCH=70
E_BAD_DBFILE=71
dbfile=File_record.md5
# Filename for storing records.
set_up_database ()
{
echo ""$directory"" > "$dbfile"
# Write directory name to first line of file.
md5sum "$directory"/* >> "$dbfile"
# Append md5 checksums and filenames.
}
check_database ()
{
local n=0
local filename
local checksum
# ------------------------------------------- #
# This file check should be unnecessary,
#+ but better safe than sorry.
if [ ! -r "$dbfile" ]
then
echo "Unable to read checksum database file!"
exit $E_BAD_DBFILE
fi
# ------------------------------------------- #
while read record[n]
do
directory_checked="${record[0]}"
if [ "$directory_checked" != "$directory" ]
then
echo "Directories do not match up!"
# Tried to use file for a different directory.
exit $E_DIR_NOMATCH
fi
if [ "$n" -gt 0 ] # Not directory name.
then
filename[n]=$( echo ${record[$n]} | awk '{ print $2 }' )
# md5sum writes records backwards,
#+ checksum first, then filename.
checksum[n]=$( md5sum "${filename[n]}" )
if [ "${record[n]}" = "${checksum[n]}" ]
then
echo "${filename[n]} unchanged."
else
echo "${filename[n]} : CHECKSUM ERROR!"
# File has been changed since last checked.
fi
fi
let "n+=1"
done <"$dbfile" # Read from checksum database file.
}
# =================================================== #
# main ()
if [ -z "$1" ]
then
directory="$PWD" # If not specified,
else #+ use current working directory.
directory="$1"
fi
clear # Clear screen.
# ------------------------------------------------------------------ #
if [ ! -r "$dbfile" ] # Need to create database file?
then
echo "Setting up database file, \""$directory"/"$dbfile"\"."; echo
set_up_database
fi
# ------------------------------------------------------------------ #
check_database # Do the actual work.
echo
# You may wish to redirect the stdout of this script to a file,
#+ especially if the directory checked has many files in it.
exit 0

If you get any checksum error then that file is changed when you last run the script on the same folder.

Example output:

/home/rks/dead.letter unchanged.
/home/rks/File_record.md5 : CHECKSUM ERROR!
/home/rks/Host_PortFile.txt unchanged.
/home/rks/index.php?PHPSESSID=59b38547cae43973c4f8936482276dc9;www unchanged.
/home/rks/index.php?PHPSESSID=ed8e39b7b5ad11efb7c7ee5742b70d7a;www unchanged.
/home/rks/mynewaa unchanged.
/home/rks/mynewab unchanged.
/home/rks/mynewac unchanged.
/home/rks/mynewad unchanged.
/home/rks/mynewae unchanged.
/home/rks/mynewaf unchanged.
/home/rks/mynewag unchanged.
/home/rks/mynewah unchanged.
/home/rks/mynewai unchanged.
/home/rks/mynewaj unchanged.
/home/rks/mynewak unchanged.
/home/rks/mynewal unchanged.
/home/rks/mynewam unchanged.
/home/rks/mynewan unchanged.
/home/rks/mynewao unchanged.
/home/rks/mynewap unchanged.
/home/rks/mynewaq unchanged.
/home/rks/mynewar unchanged.
/home/rks/mynewas unchanged.
/home/rks/mynewat unchanged.
/home/rks/mynewau unchanged.
/home/rks/mynewav unchanged.
/home/rks/mynewaw unchanged.
/home/rks/Script_Monitor.log unchanged.
/home/rks/shell unchanged.
/home/rks/shell1 unchanged.
/home/rks/shell.log unchanged.
/home/rks/test unchanged.
/home/rks/urllist unchanged.
/home/rks/wordfile.txt : CHECKSUM ERROR!

In case of any ©Copyright or missing credits issue please check CopyRights page for faster resolutions.