Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/xunillen2/openbsd-integrity

Small script to check openbsd system integrity
https://github.com/xunillen2/openbsd-integrity

integrity integrity-checker openbsd openbsd-scripts

Last synced: 9 days ago
JSON representation

Small script to check openbsd system integrity

Host: GitHub
URL: https://github.com/xunillen2/openbsd-integrity
Owner: xunillen2
License: mit
Created: 2022-12-19T15:07:37.000Z (almost 2 years ago)
Default Branch: main
Last Pushed: 2022-12-26T15:38:35.000Z (almost 2 years ago)
Last Synced: 2024-09-22T20:02:32.653Z (13 days ago)
Topics: integrity, integrity-checker, openbsd, openbsd-scripts
Language: Shell
Homepage:
Size: 9.77 KB
Stars: 0
Watchers: 1
Forks: 0
Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

README

# openbsd-integrity
integrity is simple script for checking system integrity and generating integrity hash files using [mtree](https://man.openbsd.org/mtree.8)

## Usage
* Before starting, set seed value to KEY variable. This can be ~20 digit number.

### Generating hash files
```
./integrity gen
```
sample command:
```
./integrity gen /int_sam
```
* This will generate hash files `hash_bin`, `hash_sbin`, `hash_etc` and `hash_usr` in `/int_sam` directory. This hash files will contain hash of all files contained in `/bin`,`/sbin`, `/etc` and `/usr`.
* If integrity is started with gen parameter with folder that already contains `hash_bin`, `hash_sbin`, `hash_usr`, `hash_etc`. Those files will be moved to folder named `old_hash`.
* After every process of generating hash files, integrity will log status activity to /var/log/messages
```
Dec 11 13:22:14 SampleMachine [Integrity]: Generating new integrity hash files... Hash files location: /int_sam/. hash functions: cksum,md5digest,sha1digest,sha256digest
Dec 11 13:26:01 SampleMachine [Integrity]: Generating new integrity hash files completed!

```
* _More folders will be added later, or more specifically option to add more folders._
* _Now integrity also checks bsd.rd and bsd.sp hash_

### Verifying files
```
./integrity ver
```
sample command:
```
./integrity ver /int_sam
```
* If folder contains hash files `hash_bin`, `hash_sbin`,`hash_etc`, `hash_usr`, integrity will check the integrity of all files contained in `/bin`,`/sbin`, `/etc` and `/usr`, and will report changes and status to root with mail.
* Same as `gen` argument, `ver` will log activity /var/log/messages

### On boot verification - broken
* **integrity.sh needs to be in / (root dir) for installation to work**
* Integrity can be started on boot, and verify all files and changes in specified folders.
```
./integrity install
```
sample command:
```
./integrity install /int_sam
```
* This will add `./integrity ver /int_sam` to `rc.local` file, which will run verification on every boot