https://github.com/xunillen2/openbsd-integrity
Small script to check openbsd system integrity
https://github.com/xunillen2/openbsd-integrity
integrity integrity-checker openbsd openbsd-scripts
Last synced: 25 days ago
JSON representation
Small script to check openbsd system integrity
- Host: GitHub
- URL: https://github.com/xunillen2/openbsd-integrity
- Owner: xunillen2
- License: mit
- Created: 2022-12-19T15:07:37.000Z (over 2 years ago)
- Default Branch: main
- Last Pushed: 2022-12-26T15:38:35.000Z (over 2 years ago)
- Last Synced: 2025-02-13T08:52:41.684Z (3 months ago)
- Topics: integrity, integrity-checker, openbsd, openbsd-scripts
- Language: Shell
- Homepage:
- Size: 9.77 KB
- Stars: 0
- Watchers: 1
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# openbsd-integrity
integrity is simple script for checking system integrity and generating integrity hash files using [mtree](https://man.openbsd.org/mtree.8)
## Usage
* Before starting, set seed value to KEY variable. This can be ~20 digit number.
### Generating hash files
```
./integrity gen
```
sample command:
```
./integrity gen /int_sam
```
* This will generate hash files `hash_bin`, `hash_sbin`, `hash_etc` and `hash_usr` in `/int_sam` directory. This hash files will contain hash of all files contained in `/bin`,`/sbin`, `/etc` and `/usr`.
* If integrity is started with gen parameter with folder that already contains `hash_bin`, `hash_sbin`, `hash_usr`, `hash_etc`. Those files will be moved to folder named `old_hash`.
* After every process of generating hash files, integrity will log status activity to /var/log/messages
```
Dec 11 13:22:14 SampleMachine [Integrity]: Generating new integrity hash files... Hash files location: /int_sam/. hash functions: cksum,md5digest,sha1digest,sha256digest
Dec 11 13:26:01 SampleMachine [Integrity]: Generating new integrity hash files completed!
```
* _More folders will be added later, or more specifically option to add more folders._
* _Now integrity also checks bsd.rd and bsd.sp hash_
### Verifying files
```
./integrity ver
```
sample command:
```
./integrity ver /int_sam
```
* If folder contains hash files `hash_bin`, `hash_sbin`,`hash_etc`, `hash_usr`, integrity will check the integrity of all files contained in `/bin`,`/sbin`, `/etc` and `/usr`, and will report changes and status to root with mail.
* Same as `gen` argument, `ver` will log activity /var/log/messages
### On boot verification - broken
* **integrity.sh needs to be in / (root dir) for installation to work**
* Integrity can be started on boot, and verify all files and changes in specified folders.
```
./integrity install
```
sample command:
```
./integrity install /int_sam
```
* This will add `./integrity ver /int_sam` to `rc.local` file, which will run verification on every boot