#!/bin/sh
#
# =======================================================================
# check_sys
# MD5 tool script to check for modified files
# Written by Simple Nomad 24Jan2000
# Comments to thegnome@bos.bindview.com
# =======================================================================
# This script should be run from cron on a nightly basis to check for
# modified files.
# =======================================================================

# =======================================================================
# Practice safe temp file creation
# =======================================================================
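umask 077   # files created below (log, report) get owner-only permissions

# =======================================================================
# Set up variables, change as needed
# =======================================================================
# NOTE(review): MD5 is no longer collision-resistant. If the host ships a
# SHA-256 tool with the same "tool file" calling convention, pointing MD5 at
# it gives a stronger check -- the baseline must then be regenerated with the
# same tool.
MD5=/sbin/md5
TOOLDIR=/usr/local/md5-tool
# NOTE(review): the baseline lives on the host it protects; whoever can write
# to TOOLDIR can rewrite it. Keep a copy the host cannot modify.
BASELINE="$TOOLDIR/md5-baseline"
UNAME=$(uname -n)
# Any line containing "#" is dropped as a comment; the remaining entries are
# joined into a single space-separated list.
MAILTO=$(grep -v "#" "$TOOLDIR/mail_to" | tr -s '\n' '  ')
APPS=$(grep -v "#" "$TOOLDIR/localapps" | tr -s '\n' '  ')
# Scratch files are named after this shell's PID, so the names are
# predictable; TOOLDIR should be writable only by the account running this.
LOG="$TOOLDIR/md5log$$"
RPT="$TOOLDIR/md5rpt$$"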

# ========================================================================
# Checksum the user-defined files listed in the ./localapps file. This file
# will list files from /usr/bin, etc., so feel free to add to it.
# ========================================================================
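# Append one checksum line per listed file to the run log. $APPS is left
# unquoted on purpose: it is a whitespace-separated list built from localapps.
# Each entry is quoted once it is in FILE so it is not split or globbed a
# second time on its way to the checksum tool.
for FILE in $APPS; do
  "$MD5" "$FILE" >> "$LOG"
done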

# ========================================================================
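# Checksum the tool's own files. Someone who wanted to subvert these scripts
# could modify any of them. Note that this self-check runs on the host being
# checked, so it only helps if the baseline is also kept somewhere the host
# cannot rewrite (read-only media or another machine).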
# ========================================================================
# Checksum the tool's own pieces, in a fixed order so the log lines line up
# with the baseline: the checksum binary, both config lists, then the two
# scripts. All output is appended to the run log.
for SELF in \
  "$MD5" \
  "$TOOLDIR/mail_to" \
  "$TOOLDIR/localapps" \
  "$TOOLDIR/check_sys" \
  "$TOOLDIR/baseliner"
do
  "$MD5" "$SELF"
done >> "$LOG"

# ========================================================================
# Now we compare the results to our baseline. If there are differences, we
# need to mail these differences to the appropriate people. Otherwise we
# do nothing.
# ========================================================================
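# Compare tonight's checksums with the baseline and decide from diff's exit
# status rather than from its output: 0 = identical, 1 = differences,
# anything higher = diff itself failed (for example the baseline is missing
# or unreadable). A failed comparison is reported, never treated as clean;
# otherwise removing the baseline would silence the check.
DIFF=$(diff "$LOG" "$BASELINE" 2>&1)
DIFF_STATUS=$?
if [ "$DIFF_STATUS" -eq 0 ]; then
  rm "$LOG"  # If clean, simply remove the log file
else         # Otherwise mail the report
  {
    echo "MD5 Report shows problems!"
    if [ "$DIFF_STATUS" -gt 1 ]; then
      echo "diff exited with status $DIFF_STATUS; the comparison itself failed."
    fi
    # Quoted so the report keeps diff's line structure and so no character
    # in the output is expanded as a glob.
    printf '%s\n' "$DIFF"
  } > "$RPT"

  # $MAILTO is a whitespace-separated list, split on purpose.
  SENT=0
  for PEOPLE in $MAILTO; do
    if mail -s "MD5 Exceptions on $UNAME" "$PEOPLE" < "$RPT"; then
      SENT=1
    fi
  done

  if [ "$SENT" -eq 1 ]; then
    rm "$RPT" "$LOG"
  else
    # Nobody could be notified (empty recipient list or mail failed): keep
    # the report and complain on stderr, which cron passes on to the job's
    # owner, instead of discarding the only evidence.
    echo "check_sys: report not delivered, kept at $RPT" >&2
    rm "$LOG"
  fi
fi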

# ========================================================================
# End of script.
# ========================================================================
