#!/bin/sh
#
# ========================================================================
# baseliner
# MD5 tool script to check for modified files
# Written by Simple Nomad 24Jan2000
# Comments to thegnome@bos.bindview.com
# ========================================================================
# This script should be run after any and all approved system
# modifications, otherwise the administrator will be alerted.
# ========================================================================

# ========================================================================
# We need to ensure the baseline file is created with minimal permissions.
# ========================================================================
umask 077   # files created from here on are readable and writable by the owner only

# ========================================================================
# Site configuration, edit to match the local install.
#   TOOLDIR  - directory holding this tool, its config files and baselines
#   MD5      - digest program used for every checksum
#   BASELINE - file that collects the MD5 lines
#   SUID     - file that holds the setuid/setgid file list
#   UNAME    - this host's node name, used in the mail subject
#   DATE     - timestamp of this run, used in the mail subject
#   MAILTO   - recipients, read from $TOOLDIR/mail_to
#   APPS     - paths to checksum, read from $TOOLDIR/localapps
# Any line containing "#" in mail_to or localapps is dropped, and the
# remaining lines are joined with spaces.
# NOTE(review): MD5 is no longer collision-resistant. Moving to a SHA-2
# digest would need the matching change in check_sys, which is not visible
# from this script.
# ========================================================================
TOOLDIR=/usr/local/md5-tool
MD5=/sbin/md5
BASELINE="$TOOLDIR/md5-baseline"
SUID="$TOOLDIR/suid-baseline"
UNAME=$(uname -n)
DATE=$(date)
MAILTO=$(grep -v "#" "$TOOLDIR/mail_to" | tr -s '\n' '  ')
APPS=$(grep -v "#" "$TOOLDIR/localapps" | tr -s '\n' '  ')

# ========================================================================
# Build the new suid/sgid baseline.
# ========================================================================
# Record every root-owned regular file that carries the setgid (2000) or
# setuid (4000) bit, leaving out anything find reports as being on NFS.
# The paths are flattened onto one space-separated line, and the redirect
# overwrites any previous suid baseline.
# NOTE(review): in this format a path containing whitespace cannot be told
# apart from two separate paths; confirm how check_sys reads the file
# before changing the separator.
find / \
  ! -fstype nfs \
  -type f \
  -user root \
  \( -perm -4000 -o -perm -2000 \) \
  | tr -s '\n' ' ' > "$SUID"

# ========================================================================
# Check user defined stuff from the ./localapps file. This file will have
# the stuff from /usr/bin, etc. so feel free to add to it.
# ========================================================================
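# Start the MD5 baseline from an empty file. Every write to $BASELINE in
# this script appends, so without this reset a re-run would leave the
# checksums of the previous (pre-modification) files in the baseline next
# to the new ones. umask 077 above keeps a newly created file owner-only.
: > "$BASELINE"

# $APPS stays unquoted so the shell splits the list read from localapps
# into one path per word. Each path is then quoted so that it reaches the
# digest program as a single argument.
for FILE in $APPS
do
  "$MD5" "$FILE" >> "$BASELINE"
done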

# ========================================================================
# Check our own stuff. If someone wanted to subvert these scripts, they
# could modify any of these.
# ========================================================================
# Checksum the digest program itself, both config files and the two scripts
# of this tool, in that order, and append the results to the baseline so
# that a change to any of them shows up as a mismatch.
for TOOLFILE in \
  "$MD5" \
  "$TOOLDIR/mail_to" \
  "$TOOLDIR/localapps" \
  "$TOOLDIR/check_sys" \
  "$TOOLDIR/baseliner"
do
  "$MD5" "$TOOLFILE"
done >> "$BASELINE"

# ========================================================================
# Mail report out that new baseline was built. The report is a file that
# has an MD5 stamp of our new baselines. This report should be archived
# for future reference in case of future tampering.
# ========================================================================
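# Compute the stamp once, from inside $TOOLDIR. The glob *-baseline is
# relative, so without the cd it only matches the baseline files when the
# script happens to be started from $TOOLDIR; from any other working
# directory (cron, for example) the report would not cover them.
# The cd runs inside the command substitution and does not change the
# script's own working directory.
STAMP=$(cd "$TOOLDIR" && "$MD5" *-baseline)

# Send the same stamp to every recipient. $MAILTO stays unquoted so it is
# split into one address per word.
SENT=0
for PEOPLE in $MAILTO
do
  printf '%s\n' "$STAMP" | mail -s "New Baselines on $UNAME $DATE" "$PEOPLE"
  SENT=1
done

# The mailed stamp is the only copy of the baseline checksums kept off this
# host, so say so when nobody received it.
if [ "$SENT" -eq 0 ]; then
  echo "baseliner: no recipients found in $TOOLDIR/mail_to; baseline stamp not mailed" >&2
fi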

# ========================================================================
# End of script.
# ========================================================================