#!/bin/bash
#
# Script to create 256bit SHA sums of all executable directories
##
# These are then encrypted to help prevent tampering, and will then be burnt to disk

# Sum program applied to every file.  sha256sum is the default; any
# coreutils-style *sum tool that prints "<sum>  <path>" is expected to work.
SUMCHECKER='sha256sum'
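#######################################
# Write the sum of every entry matching the glob $1 to the file $2.
# The output file is overwritten, not appended to, so sums left behind by
# an earlier run (or planted in world-writable /tmp) are never merged into
# the database.  A missing directory is reported on stderr and skipped.
# Globals:   SUMCHECKER (read)
# Arguments: $1 - glob of files to sum, e.g. /bin/*
#            $2 - output file
# Returns:   the sum program's exit status, or 1 if the directory is missing
#######################################
sum_dir_to ()
{
  local pattern=$1
  local outfile=$2
  local dir=${pattern%/*}

  if [ ! -d "$dir" ]; then
    printf 'warning: %s does not exist, skipping\n' "$dir" >&2
    return 1
  fi
  # $pattern is deliberately unquoted so the glob expands here.
  # shellcheck disable=SC2086
  $SUMCHECKER $pattern > "$outfile"
}

#######################################
# Interactively build the sum database for a system you trust: sums every
# configured executable directory (plus /boot and the current PATH) into
# /tmp/<name>.sha files, then hands over to create_cd_full to package them.
# Globals:   SUMCHECKER (read), PATH (read)
# Arguments: none
# Outputs:   prompts on stdout; /tmp/*.sha and /tmp/PATHDETAILS.shainfo
# Returns:   does not return normally - create_cd_full exits the script
#######################################
create_full_system ()
{
  clear
  cat <<'EOF'
Ensure you have nothing running before continuing (Also make sure you are running as root)
Especially if you have configured the script to check backups, you may have failed checksums at a later date if a file was being modified when we generated our sum

MOST IMPORTANT: ONLY RUN THIS SCRIPT IF YOU TRUST YOUR SYSTEM
Theres no point in generating sums for programs that are already compromised!!!!!

Press Enter to continue
EOF
  read -r _
  echo ""

  # mount needs root; warn rather than abort so a partial run is still possible.
  if [ "$(id -u)" -ne 0 ]; then
    printf 'warning: not running as root - some files may be unreadable\n' >&2
  fi

  # NOTE(review): the intermediate files below live at fixed names in
  # world-writable /tmp because create_cd_full collects /tmp/*.sha.  A
  # private mktemp -d directory would be safer, but both functions would
  # have to change together.

  # /boot is usually a separate filesystem; only unmount it if we mounted it.
  local mounted_boot=0
  if mount /boot; then
    mounted_boot=1
  else
    printf 'warning: mount /boot failed (already mounted?); summing it as-is\n' >&2
  fi
  sum_dir_to '/boot/*' /tmp/boot.sha
  if [ "$mounted_boot" -eq 1 ]; then
    umount /boot
  fi

  # "<glob> <output file>" pairs.  Edit this list to match the machine being
  # baselined.  (The original listed /usr/kde/3.4/bin twice; once is enough.)
  local -a targets=(
    '/bin/* /tmp/bin.sha'
    '/sbin/* /tmp/sbin.sha'
    '/usr/bin/* /tmp/usrbin.sha'
    '/usr/sbin/* /tmp/usrsbin.sha'
    '/usr/local/bin/* /tmp/usrlocalbin.sha'
    '/opt/bin/* /tmp/optbin.sha'
    '/usr/i386-pc-linux-gnu/gcc-bin/3.3.6/* /tmp/usri386gccbin.sha'
    '/opt/blackdown-jdk-1.4.2.03/bin/* /tmp/optblackdownbin.sha'
    '/opt/blackdown-jdk-1.4.2.03/jre/bin/* /tmp/optblackdownjrebin.sha'
    '/usr/qt/3/bin/* /tmp/usrqt3bin.sha'
    '/usr/kde/3.4/bin/* /tmp/usrkde3.4bin.sha'
    '/usr/kde/3.3/bin/* /tmp/usrkde3.3bin.sha'
    '/usr/games/bin/* /tmp/usrgamesbin.sha'
    '/opt/limewire/* /tmp/optlimewire.sha'
    '/mnt/exthd/backup/* /tmp/backups.sha'
  )
  local target pattern outfile
  for target in "${targets[@]}"; do
    # Split on the single space; parameter expansion does not glob.
    pattern=${target%% *}
    outfile=${target##* }
    sum_dir_to "$pattern" "$outfile"
  done

  # Record the sum of the current PATH so the verifier can tell if it changed.
  printf '%s\n' "$PATH" > /tmp/Pathdetails
  $SUMCHECKER /tmp/Pathdetails > /tmp/PATHDETAILS.shainfo
  rm -f -- /tmp/Pathdetails

  # Sums created - package them onto the CD image
  create_cd_full
}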

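#######################################
# Package the sums left in /tmp by create_full_system into a CD image:
# merges /tmp/*.sha into db.sha, records the sum of db.sha (database.sha),
# copies this script, generates a standalone verifier (Verify_sigs.sh) and
# builds /tmp/shas.iso with mkisofs.  The staging directory is removed
# afterwards; the ISO is left in /tmp for burning.
# Globals:   SUMCHECKER (read), DATE (read), $0 (read)
# Arguments: none
# Outputs:   /tmp/shas.iso
# Returns:   never returns; exits the script (1 if staging or mkisofs fails)
#######################################
create_cd_full ()
{
  local staging=/tmp/shas

  # Refuse to reuse a staging directory we did not create: /tmp is
  # world-writable, so a pre-existing directory may not be ours.
  if ! mkdir -- "$staging"; then
    printf 'create_cd_full: cannot create %s (does it already exist?)\n' "$staging" >&2
    exit 1
  fi
  printf '%s\n' "$DATE" > "$staging/CORRECT_AT.TXT"
  mv -- /tmp/PATHDETAILS.shainfo "$staging/"
  cat -- /tmp/*.sha > "$staging/db.sha"
  rm -f -- /tmp/*.sha
  # Copy before changing directory: $0 may be a relative path.
  cp -- "$0" "$staging/"
  # database.sha holds the sum of the database itself so the verifier can
  # spot a rewritten db.sha.
  cd "$staging/" || exit 1
  $SUMCHECKER db.sha > database.sha
  cd / || exit 1

  # Generate the verification script.  The here-doc is unquoted on purpose:
  # $SUMCHECKER is expanded now so the verifier uses the same sum program;
  # everything the verifier must evaluate itself is escaped as \$.
  cat <<EOM > "$staging/Verify_sigs.sh"
#!/bin/bash
#
# SHA Sum checker based on previously created Database
# Run from the directory holding db.sha, database.sha and PATHDETAILS.shainfo
# (the root of the burnt CD).  Exits 1 if the database or any file failed.
clear
echo "Remember, this program will neither detect or check new programs"
echo "If it isn't in the database, it won't be checked"
echo ""
echo "Press Enter to begin checking the system (remember this will take a while)"
read -r TEMP
X=0
FAILURES=""

# Print only the sum of the file \$1 (first field of the sum program's output).
current_sum ()
{
  $SUMCHECKER "\$1" | awk '{print \$1}'
}

# Check the database itself against the sum recorded when it was written;
# a rewritten db.sha would otherwise pass every check below.
STOREDSUM=\$( awk '{print \$1}' database.sha )
if [ "\$( current_sum db.sha )" != "\$STOREDSUM" ]
then
  echo "......FAILED - Database Integrity Compromised, Aborting"
  exit 1
fi

mount /boot
# Each db.sha line is "<sum>  <path>": read splits on the first run of
# blanks, so a path containing spaces is kept whole.
while read -r STOREDSUM FILEREF
do
  [ -n "\$FILEREF" ] || continue
  X=\$(( X + 1 ))
  echo -n "Checking \$FILEREF............."
  CURRENTSUM=\$( current_sum "\$FILEREF" )
  if [ "\$CURRENTSUM" != "\$STOREDSUM" ]
  then
    # The file may have been mid-write: sum it once more before failing it
    echo -n "..Rechecking"
    CURRENTSUM=\$( current_sum "\$FILEREF" )
  fi
  if [ "\$CURRENTSUM" != "\$STOREDSUM" ]
  then
    echo "......FAILED"
    FAILURES="\${FAILURES}Checking \$FILEREF.............FAILED"\$'\n'
  else
    echo "......Done"
  fi
done < db.sha

# Check PATH hasn't changed.  A difference here can also mean the verifier
# is running with a different environment than the one that built the database.
echo -n "Checking details of PATH.........."
STOREDSUM=\$( awk '{print \$1}' PATHDETAILS.shainfo )
CURRENTSUM=\$( printf '%s\n' "\$PATH" | $SUMCHECKER | awk '{print \$1}' )
if [ "\$CURRENTSUM" != "\$STOREDSUM" ]
then
  echo "...... FAILED"
  FAILURES="\${FAILURES}Checking PATH Details......... FAILED"\$'\n'
else
  echo "......Done"
fi
umount /boot

if [ -n "\$FAILURES" ]
then
  REPORT=/tmp/sha.results.final
  {
    echo "SHA256 Sum Failed - \$X Files Checked"
    echo ""
    echo ""
    printf '%s' "\$FAILURES"
    echo ""
  } > "\$REPORT"
  echo "Your system may be compromised"
  less "\$REPORT"
  echo ""
  echo "Some checks failed - Report stored at \$REPORT"
  exit 1
fi
echo ""
echo "No differences found - \$X Files Checked"
exit 0
EOM

  # Make it executable
  chmod +x "$staging/Verify_sigs.sh"

  # Create the CD Image
  if ! mkisofs -iso-level 3 -o /tmp/shas.iso "$staging/"; then
    printf 'create_cd_full: mkisofs failed; %s left in place for inspection\n' "$staging" >&2
    exit 1
  fi

  # Tidy up.  ${staging:?} aborts instead of running rm -rf on an empty path.
  rm -rf -- "${staging:?}/"

  # TODO: burn the image with cdrdao.  The image should not be left lying
  # around on the server afterwards, otherwise an attacker could
  # re-generate it once they have made their changes.
  exit
}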
# Timestamp written into the database (CORRECT_AT.TXT) so the person
# running the verifier knows when the sums were taken.
DATE=$( date )

# Only --full is implemented; any other argument falls through to the usage text.
case "$1" in
  --full)
    create_full_system
    ;;
esac

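# There will be other options here, at some point
# such as adding individual files to an existing database


# Print usage information.  This is reached for --help, for no argument, and
# (because create_full_system never returns) only when --full was not given.

/bin/cat << EOM

SHA Archive V0.1
Copyright Ben Tasker 2009. Released under the GNU GPL
See Http://benscomputer.no-ip.org/LICENSE for information

Usage: $0 [OPTIONS]

Options:

--full				Create a full database
--help				Print this text

To be Implemented later:

--add [PATH] [DATABASE] 	Add file at specified path to specified database file (not implemented yet)
--addfiles [FILE] [DATABASE]	Add all files specified in given file to the specified database file (not implemented yet)

Example:

$0 --add /bin/bash /home/database/db.sha       Add checksum for /bin/bash to the database located at /home/database/db.sha
$0 --addfiles /home/$USER/mytextlist /home/database/db.sha	Add checksums for all files in specified list to database located at /home/database/db.sha

Text Files:

Files specified using addfiles must be simple text files. Their contents must define the full path to each program they wish to be examined. Each file gets its own line.

Sample Text file:

/bin/bash
/bin/grep
/bin/egrep

And so on.

EOM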

