st_snapshot(1)

NAME

st_snapshot - calculate md5sum and stat ownership and permissions of
files

SYNOPSIS

st_snapshot patterns homepatterns

DESCRIPTION

st_snapshot calculates md5sums and stats ownership and permissions of
critical system files.

This script is typically run in either root-mode or public-mode.
Running this script in root-mode requires root privileges. One is
advised to set up a dedicated user account for running this script in
public mode.

In root-mode, the files snapshot_root.list and snapshot_root.homelist
are typically passed as arguments. These pattern files are read by the
script and contain names of files and directories; listing a directory
in such a pattern file is equivalent to listing all files which live in
the directory tree with this directory as root.

snapshot_root.list could e.g. read:

# snapshot_root.list - files and directories we wanna get
# monitored: we wanna get a note once these files, or any file
# under these directories, gets created, gets rm-ed, gets
# permissions or contents changed. these notices will not
# include the possibly secret contents of these files
#
# this file gets read by st_systraq
/etc/group
/etc/gshadow
/etc/hosts.allow
/etc/hosts.deny
/etc/hosts.equiv
/etc/lilo.conf
/etc/passwd
/etc/postfix/server.pem
/etc/shadow
/etc/skel
/etc/ssh

Equivalent files snapshot_pub.list and snapshot_pub.homelist should be
on the system. These files should list all world-readable files to be
monitored. This allows for running this script as root only in those
cases where it's needed: when reading files that are readable by root
only.

The homelist files contain files and directories which should get
monitored for every home directory on the system. snapshot_pub.homelist
could e.g. contain:

.profile
.cshrc
.tcshrc
.login
.logout
.bash_profile
.bashrc
.exrc
.nexrc

As a special case, when the environment variable ST_OPHOMES is set to a
non-empty string (typically when running in public mode), we stat the
permissions on all home directories themselves.

The produced snapshot is printed to stdout. The output when running in
public mode could look like:

# ownership and permissions of homedirs
drwxr-xr-x root root /bin
drwxr-xr-x root root /dev
drwxr-sr-x root staff /home
drwxr-sr-x joostvb joostvb /home/joostvb
drwxr-xr-x root root /usr/sbin
drwxr-xr-x root root /var
# md5sums of critical pub files
12fedad56e5d3299903e7bb976c92a13 /home/joostvb/.screenrc
f4f47caf109051c9a6ddea285498d9db /home/joostvb/.emacs
3dbe7d4247808407be6b31812d7eed8a /home/joostvb/.exrc
4bdc3ac71b5539dbdd278e51462de5db /var/qmail/alias/.bashrc
936fe20fd7fadf2cc0935f400fc0ef38 /etc/zlogin
# ownership and permissions of critical pub files
-rw-rw-r-- joostvb joostvb /home/joostvb/.screenrc
-rw-r--r-- joostvb joostvb /home/joostvb/.vimrc
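
The pattern-file handling and output layout described above, as an added shell example (not the st_snapshot source). It assumes GNU md5sum, stat and find; the function names and the "# unreadable" marker are made up for this illustration, and homepatterns and ST_OPHOMES are not covered.

```shell
#!/bin/sh
# Added illustration, not systraq's st_snapshot code.
# Assumes GNU coreutils (md5sum, stat -c) and findutils.

# expand_patterns FILE
# Print every regular file named by a pattern file, one per line.
# Comment lines and blank lines are skipped; a directory entry stands
# for all regular files in the tree rooted at that directory.
# Entries that do not exist are silently dropped.
expand_patterns() {
    grep -v -e '^[[:space:]]*#' -e '^[[:space:]]*$' "$1" |
    while IFS= read -r path; do
        if [ -d "$path" ]; then
            find "$path" -type f
        elif [ -e "$path" ]; then
            printf '%s\n' "$path"
        fi
    done | LC_ALL=C sort -u
}

# snapshot FILE
# Print a checksum section followed by an ownership/permission section.
# A file the caller cannot read gets a marker line instead of a checksum,
# so running with too few privileges is visible in the snapshot.
snapshot() {
    echo '# md5sums of critical files'
    expand_patterns "$1" | while IFS= read -r f; do
        md5sum -- "$f" 2>/dev/null || echo "# unreadable: $f"
    done
    echo '# ownership and permissions of critical files'
    expand_patterns "$1" | while IFS= read -r f; do
        stat -c '%A %U %G %n' -- "$f"
    done
}
```

Saving the output of snapshot on each run and comparing it with the previous run using diff shows files that were created, removed, or had contents or permissions changed, without exposing their contents.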

ENVIRONMENT

ST_OPHOMES - non-empty in case permissions on all home directories
should be printed

SEE ALSO

The systraq manual.

VERSION

This manpage: $Id: st_snapshot.pod 180 2005-01-23 17:54:03Z lfousse $

COPYRIGHT

Copyright (C) 2001, 2002, 2003, 2004 Joost van Baal

This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the
Free Software Foundation; either version 2 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.

You should have received a copy of the GNU General Public License along with this program (see COPYING); if not, check with
http://www.gnu.org/copyleft/gpl.html or write to the Free Software
Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111, USA.

AUTHOR

Joost van Baal <joostvb-systraq-20041015@mdcc.cx>