Did anyone else try the script? Did it work for you?
- jim
On Thu, 17 Jul 2003 18:23:36 -0700
"Eric Robinson" <[EMAIL PROTECTED]> wrote:
> James,
>
> Sorry I didn't get back to your sooner. Your script looks great. I was mostly done
> with a shell script to do the same thing when your e-mail arrived, but I'm not sure
> I know what I'm doing, so I really appreciate you whipping this up. (I'll especially
> like it if you decide to add md5sum-ing as part of its security-related
> functionality.)
>
> When I'm all done with my own script, I'll send it to the list so people who
> actually *know* how to write scripts can give me some tips on making it better, just
> for the learning experience.
>
> I don't think your script is running quite properly yet. I called it sysdiff.pl and
> did the following:
>
> perl sysdiff.pl -w before /usr
>
> After it finished, I changed the permissions on /usr/bin/zipnote. That's the only
> change I made. Then I did:
>
> perl sysdiff.pl -w after /usr
> perl sysdiff.pl -c before after
>
> The script reported 5774 changes!
>
> So I made one more change, this time changing the permissions on /usr/bin/zless
> Then I did the second part again:
>
> perl sysdiff.pl -w after /usr
> perl sysdiff.pl -c before after
>
> This time it reported 358 changes!
>
> I ran into a problem like this when I was writing my shell script and discovered
> that I had included the last file access time in my list of comparisons. I changed
> it to the last modification time and it worked correctly.
>
> --
> Eric Robinson
>
>
> -----Original Message-----
> From: James Washer [SMTP:[EMAIL PROTECTED]
> Sent: Thursday, July 17, 2003 10:20 AM
> To: [EMAIL PROTECTED]
> Subject: Re: [RLUG] Best Way to Detect All Changes After Software
> Installor Removal?
>
> Here's a little perl script I hacked together this mornign.. No bitching about
> style...ok?
>
> Any run it with "-w datafilename path [path]" to create a dataset of all files
> under the specified path(s)
> Do whatever you want to your system, then run it again saving to a different
> datafilename
>
> Finally, run it a third time with "-c datafilename1 datafilename2", and it
> will report any differences.
>
> It ignores /proc, for obvious reason.
>
> You could even run it under cron everday to build a database of snapshots..
>
> NOTICE: I've not added md5sum/checksum options just yet... that will be in
> version 2, if anyone wants to actually use this thing.
>
> Like I said.. this is a quick hack... I've not cleaned it up, so no bitching
> about style!!
>
> - jim
>
> #!/usr/bin/perl -w
>
> use strict;
>
> use File::Find;
> use Getopt::Std;
>
> my $version='File-Checker-TRLP: $Revision: 1.1 $';
> my @filedata;
> my ($cmpfile1,$cmpfile2);
> my %args;
> my ($key,$value);
> sub process_file{
> $_=$File::Find::name;
> if (m:^/proc:){
> $File::Find::prune=1;
> return;
> }
> push @filedata, "$_|".join (':', ((stat
> $_)[0,1,2,3,4,5,6,7,9,10,11,12]))."\n";
> }
>
> sub save_data{
> print "saving data\n";
> open (FH, ">", $args{'w'}) or die "Failed to open $args{'w'}\n";
> print FH "$version\n";
> print FH sort @filedata;
> close FH;
> }
>
> sub usage{
> print STDERR "Usage:\tfchange -w datafile path [path]\n";
> print STDERR "\tfchange -c datafile1 datafile2\n";
> print STDERR "\t-s to include checksum, -m to include md5sum\n";
> die "try again\n";
> }
>
> sub read_data{
> }
>
> sub compare{
> my($f1,$f2)[EMAIL PROTECTED];
> my(@data1,@data2);
> my %merge;
> my %merge2;
> my($version1,$version2);
>
> open(FH1, "<", $f1) or die "unable to open $f1\n";
> open(FH2, "<", $f2) or die "unable to open $f2\n";
>
> @data1=<FH1>;
> @data2=<FH2>;
>
> chomp($version1=shift @data1);
> chomp($version2=shift @data2);
>
> if($version1 ne $version2){
> die "Version mismatch $version1 != $version2\n";
> }
>
> foreach ( @data1 ){
> my ($fname,$stat)=split(/\|/);
> if(exists $merge{$fname}){
> print "Yikes!!, $fname is listed more than once in
> first set... BAD!!\n";
> }
> $merge{$fname}=$stat;
> }
> foreach ( @data2 ){
> my ($fname,$stat)=split(/\|/);
> if(exists $merge2{$fname}){
> print "Yikes!!, $fname is listed more than once in 2nd
> set... BAD!!\n";
> }
> $merge2{$fname}=$stat;
> }
>
> foreach ( @data2 ){
> my ($fname,$stat)=split(/\|/);
> #print "$fname has stat of $stat\n";
> if(! exists $merge{$fname} ){
> print "WARNING $fname did not exist in the first
> dataset\n";
> }
> elsif( $merge{$fname} ne $stat ){
> show_diff($fname,$merge{$fname},$stat);
> }
> delete $merge{$fname};
> }
>
> foreach ( keys %merge ){
> print "$_ did not exist in the second dataset\n";
> }
> }
> sub show_diff{
> my($fname,$stat1,$stat2)[EMAIL PROTECTED];
>
> my @stat1=split( /:/,$stat1 );
> my @stat2=split( /:/,$stat2 );
>
> chomp $stat1[11];
> chomp $stat2[11];
>
> my @elements=qw( dev ino mode nlink uid gid rdev size mtime ctime
> blksize blocks );
> print "$fname: ";
> for(my $x=0;$x<12;$x++){
> if( $stat1[$x] != $stat2[$x] ){
> print "$elements[$x] $stat1[$x]/$stat2[$x] ";
> }
> }
> print "\n";
> }
>
> sub file_ok{
> my $fname=shift;
> if( ! -f $fname ){print STDERR "No such file: $fname\n";return 1;}
> if( ! -r $fname ){print STDERR "Cannot read: $fname\n";return 1;}
> return 0;
> }
>
> getopts( "w:smc", \%args ) or usage();
>
>
> if(exists $args{'c'}){
> if ($#ARGV != 1 ){
> usage();
> }
> $cmpfile1=shift @ARGV;
> $cmpfile2=shift @ARGV;
>
> if(file_ok($cmpfile1) || file_ok($cmpfile2)){usage()}
> compare($cmpfile1,$cmpfile2);
> } elsif (exists $args{'w'}){
> if ($#ARGV < 0 ){
> usage();
> }
> print "calling find with @ARGV\n";
> @ARGV=('/') unless @ARGV;
> find( \&process_file, @ARGV);
> save_data();
> }
> _______________________________________________
> RLUG mailing list
> [EMAIL PROTECTED]
> http://www.rlug.org/mailman/listinfo/rlug
> _______________________________________________
> RLUG mailing list
> [EMAIL PROTECTED]
> http://www.rlug.org/mailman/listinfo/rlug
>
_______________________________________________
RLUG mailing list
[EMAIL PROTECTED]
http://www.rlug.org/mailman/listinfo/rlug
