James,
Sorry I didn't get back to your sooner. Your script looks great. I was mostly done
with a shell script to do the same thing when your e-mail arrived, but I'm not sure I
know what I'm doing, so I really appreciate you whipping this up. (I'll especially
like it if you decide to add md5sum-ing as part of its security-related functionality.)
When I'm all done with my own script, I'll send it to the list so people who actually
*know* how to write scripts can give me some tips on making it better, just for the
learning experience.
I don't think your script is running quite properly yet. I called it sysdiff.pl and
did the following:
perl sysdiff.pl -w before /usr
After it finished, I changed the permissions on /usr/bin/zipnote. That's the only
change I made. Then I did:
perl sysdiff.pl -w after /usr
perl sysdiff.pl -c before after
The script reported 5774 changes!
So I made one more change, this time changing the permissions on /usr/bin/zless
Then I did the second part again:
perl sysdiff.pl -w after /usr
perl sysdiff.pl -c before after
This time it reported 358 changes!
I ran into a problem like this when I was writing my shell script and discovered that
I had included the last file access time in my list of comparisons. I changed it to
the last modification time and it worked correctly.
--
Eric Robinson
-----Original Message-----
From: James Washer [SMTP:[EMAIL PROTECTED]
Sent: Thursday, July 17, 2003 10:20 AM
To: [EMAIL PROTECTED]
Subject: Re: [RLUG] Best Way to Detect All Changes After Software
Installor Removal?
Here's a little perl script I hacked together this mornign.. No bitching about
style...ok?
Any run it with "-w datafilename path [path]" to create a dataset of all files
under the specified path(s)
Do whatever you want to your system, then run it again saving to a different
datafilename
Finally, run it a third time with "-c datafilename1 datafilename2", and it
will report any differences.
It ignores /proc, for obvious reason.
You could even run it under cron everday to build a database of snapshots..
NOTICE: I've not added md5sum/checksum options just yet... that will be in
version 2, if anyone wants to actually use this thing.
Like I said.. this is a quick hack... I've not cleaned it up, so no bitching
about style!!
- jim
#!/usr/bin/perl -w
use strict;
use File::Find;
use Getopt::Std;
my $version='File-Checker-TRLP: $Revision: 1.1 $';
my @filedata;
my ($cmpfile1,$cmpfile2);
my %args;
my ($key,$value);
sub process_file{
$_=$File::Find::name;
if (m:^/proc:){
$File::Find::prune=1;
return;
}
push @filedata, "$_|".join (':', ((stat
$_)[0,1,2,3,4,5,6,7,9,10,11,12]))."\n";
}
sub save_data{
print "saving data\n";
open (FH, ">", $args{'w'}) or die "Failed to open $args{'w'}\n";
print FH "$version\n";
print FH sort @filedata;
close FH;
}
sub usage{
print STDERR "Usage:\tfchange -w datafile path [path]\n";
print STDERR "\tfchange -c datafile1 datafile2\n";
print STDERR "\t-s to include checksum, -m to include md5sum\n";
die "try again\n";
}
sub read_data{
}
sub compare{
my($f1,$f2)[EMAIL PROTECTED];
my(@data1,@data2);
my %merge;
my %merge2;
my($version1,$version2);
open(FH1, "<", $f1) or die "unable to open $f1\n";
open(FH2, "<", $f2) or die "unable to open $f2\n";
@data1=<FH1>;
@data2=<FH2>;
chomp($version1=shift @data1);
chomp($version2=shift @data2);
if($version1 ne $version2){
die "Version mismatch $version1 != $version2\n";
}
foreach ( @data1 ){
my ($fname,$stat)=split(/\|/);
if(exists $merge{$fname}){
print "Yikes!!, $fname is listed more than once in
first set... BAD!!\n";
}
$merge{$fname}=$stat;
}
foreach ( @data2 ){
my ($fname,$stat)=split(/\|/);
if(exists $merge2{$fname}){
print "Yikes!!, $fname is listed more than once in 2nd
set... BAD!!\n";
}
$merge2{$fname}=$stat;
}
foreach ( @data2 ){
my ($fname,$stat)=split(/\|/);
#print "$fname has stat of $stat\n";
if(! exists $merge{$fname} ){
print "WARNING $fname did not exist in the first
dataset\n";
}
elsif( $merge{$fname} ne $stat ){
show_diff($fname,$merge{$fname},$stat);
}
delete $merge{$fname};
}
foreach ( keys %merge ){
print "$_ did not exist in the second dataset\n";
}
}
sub show_diff{
my($fname,$stat1,$stat2)[EMAIL PROTECTED];
my @stat1=split( /:/,$stat1 );
my @stat2=split( /:/,$stat2 );
chomp $stat1[11];
chomp $stat2[11];
my @elements=qw( dev ino mode nlink uid gid rdev size mtime ctime
blksize blocks );
print "$fname: ";
for(my $x=0;$x<12;$x++){
if( $stat1[$x] != $stat2[$x] ){
print "$elements[$x] $stat1[$x]/$stat2[$x] ";
}
}
print "\n";
}
sub file_ok{
my $fname=shift;
if( ! -f $fname ){print STDERR "No such file: $fname\n";return 1;}
if( ! -r $fname ){print STDERR "Cannot read: $fname\n";return 1;}
return 0;
}
getopts( "w:smc", \%args ) or usage();
if(exists $args{'c'}){
if ($#ARGV != 1 ){
usage();
}
$cmpfile1=shift @ARGV;
$cmpfile2=shift @ARGV;
if(file_ok($cmpfile1) || file_ok($cmpfile2)){usage()}
compare($cmpfile1,$cmpfile2);
} elsif (exists $args{'w'}){
if ($#ARGV < 0 ){
usage();
}
print "calling find with @ARGV\n";
@ARGV=('/') unless @ARGV;
find( \&process_file, @ARGV);
save_data();
}
_______________________________________________
RLUG mailing list
[EMAIL PROTECTED]
http://www.rlug.org/mailman/listinfo/rlug
_______________________________________________
RLUG mailing list
[EMAIL PROTECTED]
http://www.rlug.org/mailman/listinfo/rlug
