3.
透过相同的机制去½立后续的分析数据为
finger_new.file
,并½两者½行比对,若有问题则提供
email
给
root
查阅:
[root@study ~]#
vim md5.checkfile.sh
#!/bin/bash
if [ "$1" == "new" ]; then
for filename in $(cat important.file)
do
md5sum $filename >> finger1.file
done
echo "New file finger1.file is created."
exit 0
fi
if [ !
-
f finger1.file ]; then
echo "file: finger1.file NOT exist."
exit 1
fi
[
-
f finger_new.file ] && rm finger_new.file
for filename in $(cat important.file)
do
md5sum $filename >> finger_new.file
done
testing=$(diff finger1.file finger_new.file)
if [ "$testing" != "" ]; then
diff finger1.file finger_new.file | mail
-
s 'finger trouble..' root
fi
[root@study ~]#
vim /etc/crontab
30 2 * * * root cd /root;
sh md5.checkfile.sh
如此一来,每天系统会主动的去分析你认为重要的文件之指纹数据,然后再加以分析,看看有没有
被更动过。
不过,如果该变动是正常的,例如
CentOS
自动的升级时,那么你就得要删除
finger1.file
,
再重新½置一个新的指纹数据库才行!否则你会每天收到有问题信件的回报喔!
21.9
参考数据与延伸阅读
.
注
1
:
GNU
的
make
网页:
http://www.gnu.org/software/make/manual/make.html
.
几种常见加密机制的全名:
md5 (Message-Digest algorithm 5)
http://en.wikipedia.org/wiki/MD5
sha (Secure Hash Algorithm)
http://en.wikipedia.org/wiki/SHA_hash_functions
des (Data Encryption Standard)
http://en.wikipedia.org/wiki/Data_Encryption_Standard
