LinuxQuestions.org


mcdrr 05-15-2007 05:35 PM

Help trying to troubleshoot MD5 bash script
 
Hello everyone,

I have been working on this all day, pulling my hair out, with no success. I think I am at the point where all I need is a second pair of eyes; I am sure that I am missing something small. Below is the script; everything works except this part.
When a check is done against both MD5s, old and new, the script always states that the old and new md5print don't match, which should not be the case. If I echo both the $OLDMD5PRINT and $MD5PRINT variables and then do a diff on both files, they are identical, so I am not sure why every time I run the script I get pointed to the ELSE statement below, echo "WARNING the old and new md5print doesnt match, the file has been changed". But like I mentioned earlier, the files are identical.

if [ "$OLDMD5PRINT" = "$MD5PRINT" ]
then
echo "New and old md5print are identical, the file hasnt been changed"
else
echo "WARNING the old and new md5print doesnt match, the file has been changed"
fi




-----------------------------------------------------------------------------------------------------


#!/bin/sh
#
#
# MD5FILE-parameter specifies where we want to save our md5print for
# later use.

# Variables
# This is were the md5 check output will be saved
#MD5FILE=/tmp/baseline.md5

# The FILE_TO_CHECK-parameter specifies the file we want to monitor
# changes, in this case we will be looking at the netbios.rules
#FILE_TO_CHECK=/etc/dl/rules/current/*

if [ ! -f /etc/dl/rules/current/* ]
then
echo "ERROR Couldnt locate file to check:/etc/dl/rules/current/*"
# Will send email to admin for review in future update
exit 1
fi

echo "Taking a print on /etc/dl/rules/current/* with md5sum"
MD5PRINT=`md5sum /etc/dl/rules/current/* | cut -d " " -f1 `

if [ $? != 0 ]
then
echo "ERROR Recived MD5 file creation failed"
# Will send email to admin in future release
exit 1
#else
# echo "MD5PRINT we got was:
#$MD5PRINT"
fi
#################NEW ENTRIES###########################
if [ -f /tmp/baseline.md5 ]
then
echo "Found an old savefile:/tmp/baseline.md5 we trying to match prints"
OLDMD5PRINT=`cat /tmp/baseline.md5`
fi

# Testing for file differences
echo $OLDMD5PRINT > /tmp/oldmd5print
echo $MD5PRINT > /tmp/md5print
# End Testing

if [ "$OLDMD5PRINT" = "$MD5PRINT" ]
then
echo "New and old md5print are identical, the file hasnt been changed"
else
echo "WARNING the old and new md5print doesnt match, the file has been changed"
fi


echo "Saving to new md5print in logfile:/tmp/baseline.md5 for later checks"
echo $MD5PRINT > /tmp/baseline.md5

if [ $? = 0 ]
then
echo "Was able to write to file successfully"
else
echo "Writing to file failed...why??"
exit 1
fi
--------------------------------------------------------------------------------------------------------

Here is the output I receive when I run the script, please let me know if you guys have any questions.
thanks for all the help in advance!!

Taking a print on /etc/dl/rules/current/* with md5sum
WARNING the old and new md5print doesnt match, the file has been changed
Saving to new md5print in logfile:/tmp/baseline.md5 for later checks
Was able to write to file successfully

mcdrr 05-15-2007 05:43 PM

One thing I did forget to mention is that if, instead of having an MD5 check done against all files in /etc/snort/dl/current/*, I have an md5 check done against just one file, the script runs with no problems and I get the correct output, which is below. The only problem is that, one, I need to have checks done against all files in the directory, and two, I can't figure out why the script does not work when doing a check against all files, even though once again the results of both MD5 files are the same when echoed.


Taking a print on /etc/dl/rules/current/st_100.lo with md5sum
New and old md5print are identical, the file hasnt been changed
Saving to new md5print in logfile:/tmp/baseline.md5 for later checks
Was able to write to file successfully


thanks everyone

Matir 05-15-2007 06:35 PM

You want to make sure there is no whitespace surrounding the variables, perhaps a '\n' on the one read from the file or something similar. Try echoing each to 'hexdump' and see if they match byte-for-byte.

mcdrr 05-15-2007 08:04 PM

I think I found why I was getting an error even though the MD5s match, but I am not sure how I would go about fixing the problem. Here are the results.
When the two variables are compared, one prints the results horizontally and the other prints them diagonally. I am not sure if that is the problem, but maybe it can help with troubleshooting.

thanks for the help once again.



+ '[' '54ede609ba1202bc778ba10cebe54d7b 1ae5705427d66ac2840268819b3592e4 874a2cf2fedf50dcd0a9723387070c8a 7acf3abf9b24275ca93f466e3c70fa0d 4f0365c415b5b3880cee02ec6a3644d6 cbf61aada9763ed08788ef757d95f674 2dbd7096ec7c7d180c4b14c13faf08f2 df8adef18aacf89d7b9b754cf617cbff 3d518fa8638173738fb12ef7826b2854 c2dda485538efe86c6e95a89a38c6842 1390b17ec42c3f5f36246794a0c79e59 988f9173ecd0b12702b315e029cc5a83 1d207d155b7fd00b002dd5aba3a5c7fd 5441defd333117fd720b97195100185d 86e3a09eafc9e37b54287f84f9bdaa9b 7fc48199fbb389c5cd39bc89a1d92bd8 5afd7f6f54be879118bf62ad8e95b8da 15191f83e2c1582afc7ce2477c372c63 7bda641e713feb248353ac973e3805a4 bf21e18d4805b5daa17be981dbf51baf 9db390b1f56a1be0ca0223a8fa2bb195 83212b0385dd2453005b30231a0fd8ee b2cdbc80692a19f29b659fa229c6828b 9a44641676308747103b8c1b5c63d2f7 083d17e1c94b72722b28ccbd2b899d8e 0bf91933332b4266d665e1206a72c9f6 13b020823ff592b6af83d47a43e5545e f8d8a55efdfba8963588cbd39bb5f7a9 a645c40b5d832dde53209876e324d88c 15bc0721cef7766f37f634d9a9ffeba6 fb3255e41f278bbce98e657958cbc378 c90dabe0bfa933f99da0f93f9a913116 f1431d7068a7c2d0a2675d83d9123016 3c941e4ae9bd788d80c7e4007c89ae7a 3328680b2695f2ea9390bae9872c5a41 e3ebe72a3fd5bfd25f33ad0bf1a9c8c2 5b7bb9382749b2f6fd2c88a48d54c03b 6733c212193f587b80adb15cb86df847 83f965e14176fbd336fa91f44373c144 df12c0015fd98d9d630060abd5a576a5 53ce1ca5d092acf4c2bc3562ce410ef6 8e0439b3e33c235bcda3d95ba886eefe 29d60ef4553d6c715a9856d4d6ba50a8 3322e7d94bf487a844fdf38b394062f2 d01749b5cb7a7d03d3eb37f0fc7f20bc e2fe46a0acc2b1d5ea557386fb23fedd e23ae7e2458994080c4558866b028dbf daf1a1d1faa6303a478765e9efacfbb7 7a7674492920262c93d2672930024d58 ca41e2782323026ac609e7df263d73d3' = '54ede609ba1202bc778ba10cebe54d7b
1ae5705427d66ac2840268819b3592e4
874a2cf2fedf50dcd0a9723387070c8a
7acf3abf9b24275ca93f466e3c70fa0d
4f0365c415b5b3880cee02ec6a3644d6
cbf61aada9763ed08788ef757d95f674
2dbd7096ec7c7d180c4b14c13faf08f2
df8adef18aacf89d7b9b754cf617cbff
3d518fa8638173738fb12ef7826b2854
c2dda485538efe86c6e95a89a38c6842
1390b17ec42c3f5f36246794a0c79e59
988f9173ecd0b12702b315e029cc5a83
1d207d155b7fd00b002dd5aba3a5c7fd
5441defd333117fd720b97195100185d
86e3a09eafc9e37b54287f84f9bdaa9b
7fc48199fbb389c5cd39bc89a1d92bd8
5afd7f6f54be879118bf62ad8e95b8da
15191f83e2c1582afc7ce2477c372c63
7bda641e713feb248353ac973e3805a4
bf21e18d4805b5daa17be981dbf51baf
9db390b1f56a1be0ca0223a8fa2bb195
83212b0385dd2453005b30231a0fd8ee
b2cdbc80692a19f29b659fa229c6828b
9a44641676308747103b8c1b5c63d2f7
083d17e1c94b72722b28ccbd2b899d8e
0bf91933332b4266d665e1206a72c9f6
13b020823ff592b6af83d47a43e5545e
f8d8a55efdfba8963588cbd39bb5f7a9
a645c40b5d832dde53209876e324d88c
15bc0721cef7766f37f634d9a9ffeba6
fb3255e41f278bbce98e657958cbc378
c90dabe0bfa933f99da0f93f9a913116
f1431d7068a7c2d0a2675d83d9123016
3c941e4ae9bd788d80c7e4007c89ae7a
3328680b2695f2ea9390bae9872c5a41
e3ebe72a3fd5bfd25f33ad0bf1a9c8c2
5b7bb9382749b2f6fd2c88a48d54c03b
6733c212193f587b80adb15cb86df847
83f965e14176fbd336fa91f44373c144
df12c0015fd98d9d630060abd5a576a5
53ce1ca5d092acf4c2bc3562ce410ef6
8e0439b3e33c235bcda3d95ba886eefe
29d60ef4553d6c715a9856d4d6ba50a8
3322e7d94bf487a844fdf38b394062f2
d01749b5cb7a7d03d3eb37f0fc7f20bc
e2fe46a0acc2b1d5ea557386fb23fedd
e23ae7e2458994080c4558866b028dbf
daf1a1d1faa6303a478765e9efacfbb7
7a7674492920262c93d2672930024d58
ca41e2782323026ac609e7df263d73d3' ']'

Matir 05-16-2007 01:26 AM

Yes, it's comparing a whole list... you could run the space-delimited one through "tr ' ' '\n'" or the newline one through the reverse. (See man tr for details, if you're confused)
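
The mismatch diagnosed above, reproduced as an added example that is not part of the original thread: the unquoted `echo $MD5PRINT` in the script's save step collapses the newline-separated digests onto one space-separated line, while the fresh print keeps its newlines. The function names and the scratch rule files are assumptions made for the illustration.

```sh
#!/bin/sh
# Added illustration; function names and sample files are assumptions.

# Digests of every file in directory $1, one per line (how the script builds $MD5PRINT).
take_print() { md5sum "$1"/* | cut -d " " -f1; }

# The script's save: $p is unquoted, so the shell splits it into words and
# echo re-joins them with single spaces. The newlines never reach the file.
save_unquoted() { p=$(take_print "$1") && echo $p > "$2"; }

# Quoted save: the value reaches echo as one argument, newlines intact.
save_quoted() { p=$(take_print "$1") && echo "$p" > "$2"; }

# Exit status 0 when the saved baseline $2 equals a fresh print of directory $1.
matches_baseline() {
    old=$(cat "$2") && new=$(take_print "$1") && [ "$old" = "$new" ]
}

# Constructed sample: two small rule files in a scratch directory.
demo() {
    d=$(mktemp -d) && b=$(mktemp) || return 1
    printf 'alert tcp any any -> any 139\n' > "$d/netbios.rules"
    printf 'alert udp any any -> any 53\n' > "$d/dns.rules"
    save_unquoted "$d" "$b"
    matches_baseline "$d" "$b" && echo "unquoted save: match" || echo "unquoted save: MISMATCH"
    save_quoted "$d" "$b"
    matches_baseline "$d" "$b" && echo "quoted save: match" || echo "quoted save: MISMATCH"
    rm -rf "$d" "$b"
}
demo
```

With a single file there is no newline to lose, which is why the one-file run compared equal; the two test files diffed as identical because both were written with the same unquoted echo.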

vwvr9 01-09-2008 02:08 AM

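You can do a diff

# diff compares files, not strings, so pass each variable through process substitution (bash)
diff <(echo "$OLDMD5PRINT") <(echo "$MD5PRINT")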

unSpawn 01-09-2008 03:36 AM

Since this appears to be about Snort rule files you should know (wrt reinventing the wheel) there already is a much used script (Oinkmaster) for downloading and installing Snort rules.

If you want to pursue making your own script then I think that if you want to handle all sums in one go you could also do something like
Code:

[ `echo "$OLDMD5PRINT"|sha1sum|awk '{print $1}'` != `echo "$MD5PRINT"|sha1sum|awk '{print$1}'` ] && doSomething

though I think you should compare rules on a case by case basis and not lump all sums together. If your rules reside in /etc/snort and your D/L rules are in /tmp/download you could for instance
Code:

find /tmp/download -type f | while read -r file; do
    # ${file//*\//} strips the directory part (bash), leaving the rule's file name
    if [ ! -e "/etc/snort/${file//*\//}" ]; then echo "New or missing rule"; else
        if [ "$(md5sum "${file}" | awk '{print $1}')" != "$(md5sum "/etc/snort/${file//*\//}" | awk '{print $1}')" ]; then echo "changed rule"
        # etc, etc
        fi
    fi
done

because that gives you the opportunity to perform operations (logging changes, commenting out troublesome or unwanted SIDs and installation) on a per-rule basis. For the script to be complete it should also back up rules (roll back), handle changes in /etc/snort/snort.conf and maps, and do a `snort -T` before finishing off, or you'll end up with "snort dead but subsys locked". At least that's what *my* script does.
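
Combining the original poster's saved baseline with the per-file comparison suggested above, as an added example that is not code from the thread or from any poster's script: the baseline keeps md5sum's own "digest  name" lines, so each file is reported individually as changed, missing or new. It assumes GNU coreutils and a flat directory of rule files; `write_baseline` and `report_changes` are hypothetical names.

```sh
#!/bin/sh
# Added illustration; function names and the flat directory layout are assumptions.
# sha256sum takes the same arguments and writes the same "digest  name" lines.

# Write one "digest  name" line per file in directory $1 to baseline file $2.
# Store the baseline where only the checking account can write to it.
write_baseline() { ( cd "$1" && md5sum -- * ) > "$2"; }

# Print one line per difference between directory $1 and baseline $2.
report_changes() {
    dir=$1 base=$2
    # Pass 1: every file the baseline knows about.
    while read -r sum name; do
        if [ ! -e "$dir/$name" ]; then
            echo "MISSING $name"
        elif [ "$(md5sum < "$dir/$name" | cut -d ' ' -f1)" != "$sum" ]; then
            echo "CHANGED $name"
        fi
    done < "$base"
    # Pass 2: files on disk that have no baseline entry.
    for f in "$dir"/*; do
        [ -e "$f" ] || continue
        cut -d ' ' -f3- "$base" | grep -qxF -- "${f##*/}" || echo "NEW ${f##*/}"
    done
}

# Constructed sample: baseline two rule files, then delete one, edit one, add one.
demo() {
    d=$(mktemp -d) && b=$(mktemp) || return 1
    printf 'rule one\n' > "$d/a.rules"; printf 'rule two\n' > "$d/b.rules"
    write_baseline "$d" "$b"
    rm "$d/a.rules"; printf 'rule two, edited\n' > "$d/b.rules"; printf 'rule three\n' > "$d/c.rules"
    report_changes "$d" "$b"
    rm -rf "$d" "$b"
}
demo
```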

