记录命令md5值来判断命令是否被修改
Posted
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了记录命令md5值来判断命令是否被修改相关的知识,希望对你有一定的参考价值。
使用场景:操作系统安装完成后,执行下面脚本,记录命令的md5值,当命令被修改之后,再次使用脚本即可检查出来。
记录位置为该用户家目录下面的 .UserCheckCom.txt 文件(有个 点 ,是隐藏文件,需注意)
使用方法:
1.记录当前命令:sh CheckCommDDCW.sh
2.记录新增命令或被修改命令(关键词add可以替换为任意非空字符串):sh CheckCommDDCW.sh add
代码如下:
git下载:https://codeload.github.com/ddcw/shell/zip/master
#!/bin/env bash
#write by ddcw
#https://cloud.tencent.com/developer/column/6121
#scriptname:CheckCommDDCW.sh
begintime=`date +%s`
file_name=~/.UserCheckCom.txt
new_comm_n=0
change_comm_n=0
new_comm=""
change_comm=""
[ -f ${file_name} ] || touch ${file_name}
for i in $(compgen -c)
do
if which $i >/dev/null 2>&1
then
md5_n=$(md5sum $(which $i) | awk ‘{print $1}‘)
if cat ${file_name} | grep "#$i#" >/dev/null 2>&1
then
# echo $(cat ${file_name} | grep "#$i#")
md5_o=$(cat ${file_name} | grep "#$i#" | tail -1 | awk ‘{print $NF}‘)
if [ "${md5_n}" != "${md5_o}" ]
then
#echo -e "COMMD �33[1;41;33m $i �33[0m may be Changed: old_MD5: ${md5_o} new_MD5: ${md5_n}"
[ -z $1 ] || echo -e "#${i}# $(date +%Y%m%d-%H:%M:%S) ${md5_n}" >> ${file_name}
change_comm_n=$[ ${change_comm_n} + 1]
change_comm="${change_comm} ${i}"
fi
else
if [ "${i}" != ‘[‘ ]
then
new_comm_n=$[ ${new_comm_n} + 1]
new_comm="${new_comm} ${i}"
#echo -e "�33[32;40m$i �33[0m"
echo -e "#${i}# $(date +%Y%m%d-%H:%M:%S) ${md5_n}" >> ${file_name}
fi
fi
fi
done
echo ""
if [ ${new_comm_n} -gt 0 ]
then
echo -e "�33[31;40m Total Add ${new_comm_n} commd �33[0m"
echo "${new_comm}"
else
echo -e "�33[32;40m No Command Added ,It‘s Seccurity!�33[0m
"
fi
if [ ${change_comm_n} -gt 0 ]
then
echo -e "�33[31;40m Total Changed ${change_comm_n} commd �33[0m"
echo "${change_comm}"
else
echo -e "�33[32;40m No Command Changed ,It‘s Seccurity!�33[0m"
fi
endtime=`date +%s`
costm=`echo ${begintime} ${endtime} | awk ‘{print ($2-$1)/60}‘`
echo -e "
�33[32;40m `date +%Y%m%d-%H:%M:%S` cost ${costm} minutes�33[0m"以上是关于记录命令md5值来判断命令是否被修改的主要内容,如果未能解决你的问题,请参考以下文章