Eric, did you see my last message? Can you send the data? I'd sure like to get to the
bottom of this. Ideally, I'd like to be able to log onto your box and debug it. Any
chance you could set up an account for me via ssh access?
- jim
On Thu, 17 Jul 2003 18:23:36 -0700
"Eric Robinson" <[EMAIL PROTECTED]> wrote:
> James,
>
> Sorry I didn't get back to your sooner. Your script looks great. I was mostly done
> with a shell script to do the same thing when your e-mail arrived, but I'm not sure
> I know what I'm doing, so I really appreciate you whipping this up. (I'll especially
> like it if you decide to add md5sum-ing as part of its security-related
> functionality.)
>
> When I'm all done with my own script, I'll send it to the list so people who
> actually *know* how to write scripts can give me some tips on making it better, just
> for the learning experience.
>
> I don't think your script is running quite properly yet. I called it sysdiff.pl and
> did the following:
>
> perl sysdiff.pl -w before /usr
>
> After it finished, I changed the permissions on /usr/bin/zipnote. That's the only
> change I made. Then I did:
>
> perl sysdiff.pl -w after /usr
> perl sysdiff.pl -c before after
>
> The script reported 5774 changes!
>
> So I made one more change, this time changing the permissions on /usr/bin/zless
> Then I did the second part again:
>
> perl sysdiff.pl -w after /usr
> perl sysdiff.pl -c before after
>
> This time it reported 358 changes!
>
> I ran into a problem like this when I was writing my shell script and discovered
> that I had included the last file access time in my list of comparisons. I changed
> it to the last modification time and it worked correctly.
>
> --
> Eric Robinson
>
>
> -----Original Message-----
> From: James Washer [SMTP:[EMAIL PROTECTED]
> Sent: Thursday, July 17, 2003 10:20 AM
> To: [EMAIL PROTECTED]
> Subject: Re: [RLUG] Best Way to Detect All Changes After Software
> Installor Removal?
>
> Here's a little perl script I hacked together this mornign.. No bitching about
> style...ok?
>
> Any run it with "-w datafilename path [path]" to create a dataset of all files
> under the specified path(s)
> Do whatever you want to your system, then run it again saving to a different
> datafilename
>
> Finally, run it a third time with "-c datafilename1 datafilename2", and it
> will report any differences.
>
> It ignores /proc, for obvious reason.
>
> You could even run it under cron everday to build a database of snapshots..
>
> NOTICE: I've not added md5sum/checksum options just yet... that will be in
> version 2, if anyone wants to actually use this thing.
>
> Like I said.. this is a quick hack... I've not cleaned it up, so no bitching
> about style!!
>
> - jim
>
> #!/usr/bin/perl -w
>
> use strict;
>
> use File::Find;
> use Getopt::Std;
>
> my $version='File-Checker-TRLP: $Revision: 1.1 $';
> my @filedata;
> my ($cmpfile1,$cmpfile2);
> my %args;
> my ($key,$value);
> sub process_file{
> $_=$File::Find::name;
> if (m:^/proc:){
> $File::Find::prune=1;
> return;
> }
> push @filedata, "$_|".join (':', ((stat
> $_)[0,1,2,3,4,5,6,7,9,10,11,12]))."\n";
> }
>
> sub save_data{
> print "saving data\n";
> open (FH, ">", $args{'w'}) or die "Failed to open $args{'w'}\n";
> print FH "$version\n";
> print FH sort @filedata;
> close FH;
> }
>
> sub usage{
> print STDERR "Usage:\tfchange -w datafile path [path]\n";
> print STDERR "\tfchange -c datafile1 datafile2\n";
> print STDERR "\t-s to include checksum, -m to include md5sum\n";
> die "try again\n";
> }
>
> sub read_data{
> }
>
> sub compare{
> my($f1,$f2)[EMAIL PROTECTED];
> my(@data1,@data2);
> my %merge;
> my %merge2;
> my($version1,$version2);
>
> open(FH1, "<", $f1) or die "unable to open $f1\n";
> open(FH2, "<", $f2) or die "unable to open $f2\n";
>
> @data1=<FH1>;
> @data2=<FH2>;
>
> chomp($version1=shift @data1);
> chomp($version2=shift @data2);
>
> if($version1 ne $version2){
> die "Version mismatch $version1 != $version2\n";
> }
>
> foreach ( @data1 ){
> my ($fname,$stat)=split(/\|/);
> if(exists $merge{$fname}){
> print "Yikes!!, $fname is listed more than once in
> first set... BAD!!\n";
> }
> $merge{$fname}=$stat;
> }
> foreach ( @data2 ){
> my ($fname,$stat)=split(/\|/);
> if(exists $merge2{$fname}){
> print "Yikes!!, $fname is listed more than once in 2nd
> set... BAD!!\n";
> }
> $merge2{$fname}=$stat;
> }
>
> foreach ( @data2 ){
> my ($fname,$stat)=split(/\|/);
> #print "$fname has stat of $stat\n";
> if(! exists $merge{$fname} ){
> print "WARNING $fname did not exist in the first
> dataset\n";
> }
> elsif( $merge{$fname} ne $stat ){
> show_diff($fname,$merge{$fname},$stat);
> }
> delete $merge{$fname};
> }
>
> foreach ( keys %merge ){
> print "$_ did not exist in the second dataset\n";
> }
> }
> sub show_diff{
> my($fname,$stat1,$stat2)[EMAIL PROTECTED];
>
> my @stat1=split( /:/,$stat1 );
> my @stat2=split( /:/,$stat2 );
>
> chomp $stat1[11];
> chomp $stat2[11];
>
> my @elements=qw( dev ino mode nlink uid gid rdev size mtime ctime
> blksize blocks );
> print "$fname: ";
> for(my $x=0;$x<12;$x++){
> if( $stat1[$x] != $stat2[$x] ){
> print "$elements[$x] $stat1[$x]/$stat2[$x] ";
> }
> }
> print "\n";
> }
>
> sub file_ok{
> my $fname=shift;
> if( ! -f $fname ){print STDERR "No such file: $fname\n";return 1;}
> if( ! -r $fname ){print STDERR "Cannot read: $fname\n";return 1;}
> return 0;
> }
>
> getopts( "w:smc", \%args ) or usage();
>
>
> if(exists $args{'c'}){
> if ($#ARGV != 1 ){
> usage();
> }
> $cmpfile1=shift @ARGV;
> $cmpfile2=shift @ARGV;
>
> if(file_ok($cmpfile1) || file_ok($cmpfile2)){usage()}
> compare($cmpfile1,$cmpfile2);
> } elsif (exists $args{'w'}){
> if ($#ARGV < 0 ){
> usage();
> }
> print "calling find with @ARGV\n";
> @ARGV=('/') unless @ARGV;
> find( \&process_file, @ARGV);
> save_data();
> }
> _______________________________________________
> RLUG mailing list
> [EMAIL PROTECTED]
> http://www.rlug.org/mailman/listinfo/rlug
> _______________________________________________
> RLUG mailing list
> [EMAIL PROTECTED]
> http://www.rlug.org/mailman/listinfo/rlug
>
_______________________________________________
RLUG mailing list
[EMAIL PROTECTED]
http://www.rlug.org/mailman/listinfo/rlug
