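#!/usr/bin/perl
#############################################################################
# Trojanchk v1.2 (c) Darrell Shifflett
# Chan Oper (lutha) on #linux EFNet.
# A perl script that logs file info and later compares that info to the
# current file properties, logging any changes.
# If you rip stuff from here, give credit where credit is due.
#############################################################################
#
# mkdir /etc/projects .. or change to whatever dir you want to use.
#
# What this check does and does not cover:
#  - Only size, mtime and ctime from stat() are compared. File contents are
#    never hashed, so matching metadata does not prove matching contents.
#    Adding a cryptographic digest (e.g. core Digest::SHA) would close that
#    gap, at the cost of a new record format.
#  - The baseline and the log live on the host being checked. Anyone who can
#    write to that directory can rewrite both, so keep a copy of the baseline
#    on read-only or off-host media and compare against that copy.
#  - glob("$dir/*") skips dotfiles and does not descend into subdirectories.
#  - Recording appends to the baseline. Re-recording a path leaves the older
#    entry in place, and that stale entry will keep alerting; start from an
#    empty filedata file when taking a fresh baseline.

use strict;
use warnings;

# logfile is where any changes will be logged
my $logfile = "/etc/projects/changes.log";

# filedata is where the data on the files is stored
my $filedata = "/etc/projects/filedata";

# The directories to check are listed in @dirs inside getdata().

menu();

# Show the menu and dispatch on the user's choice.
# Recording returns to the menu; checking, "3", any other input, or EOF on
# stdin ends the program.
sub menu {
    # A loop (instead of getdata() calling menu() again) keeps every choice
    # local to one iteration, so one answer is never acted on twice.
    while (1) {
        print "Here are your options:\n";
        print "1 - record file data\n";
        print "2 - check files\n";
        print "3 - exit\n";
        print "Please enter your choice:";

        my $choice = <STDIN>;
        return unless defined $choice;    # EOF: nothing more to read
        chomp $choice;

        if ($choice eq "1") {
            getdata();
            next;
        }
        chkfiles() if $choice eq "2";
        return;
    }
}

# Append one "path!size!mtime!ctime" record per file found directly inside
# each directory of @dirs to $filedata, echoing each record to stdout.
# Dies if the baseline file cannot be opened or flushed, because a baseline
# that silently failed to write would make later checks meaningless.
sub getdata {
    # To add more dirs to record files in just add below
    my @dirs = ("/bin", "/sbin", "/lib");

    # Open once in append mode rather than re-reading and rewriting the
    # whole file for every entry.
    open(my $db, '>>', $filedata)
        or die "Cannot append to $filedata: $!\n";

    for my $dir (@dirs) {
        for my $path (glob("$dir/*")) {
            my ($size, $mtime, $ctime) = (stat($path))[7, 9, 10];
            if (!defined $size) {
                # e.g. a dangling symlink; there is nothing to record
                warn "Cannot stat $path, not recorded: $!\n";
                next;
            }
            if ($path =~ /\n/) {
                # The format is one record per line, so such a name
                # cannot be stored.
                warn "Path contains a newline, not recorded\n";
                next;
            }
            print {$db} "$path!$size!$mtime!$ctime\n";
            print "$path: $size , $mtime , $ctime\n";
        }
    }

    close($db) or die "Cannot write $filedata: $!\n";
    return;
}

# Compare every record in $filedata with the file's current stat() values
# and append an ALERT line to $logfile for each difference, including files
# that have disappeared or can no longer be stat'ed.
sub chkfiles {
    my $time = localtime(time);
    print "$time\n";

    # split ' ' collapses the double space localtime() emits before
    # single-digit days, so the fields do not shift.
    my (undef, $month, $nday, $tme) = split ' ', $time;

    open(my $db, '<', $filedata)
        or die "Cannot read $filedata: $!\n";
    my @records = <$db>;
    close($db);

    open(my $log, '>>', $logfile)
        or die "Cannot append to $logfile: $!\n";

    for my $record (@records) {
        chomp $record;

        # Anchor on the three trailing numeric fields so that a '!' inside
        # the file name does not shift the columns.
        my ($name, $osize, $omtime, $octime)
            = $record =~ /\A(.+)!(\d*)!(\d*)!(\d*)\z/s;
        if (!defined $name) {
            warn "Skipping malformed record: $record\n";
            next;
        }

        print "Checking: $name\n";
        my ($size, $mtime, $ctime) = (stat($name))[7, 9, 10];

        if (!defined $size) {
            # A recorded file that is gone is itself worth an alert.
            print {$log}
                "$month $nday $tme ALERT: $name is missing or cannot be stat'ed: $!\n";
            next;
        }

        my @checks = (
            [ 'size',  $osize,  $size  ],
            [ 'mtime', $omtime, $mtime ],
            [ 'ctime', $octime, $ctime ],
        );
        for my $check (@checks) {
            my ($what, $old, $new) = @{$check};
            next if $old eq $new;
            print {$log}
                "$month $nday $tme ALERT: $name has changed $what from $old to $new!\n";
        }
    }

    close($log) or die "Cannot write $logfile: $!\n";
    print "All changes have been logged to: $logfile\n";
    return;
}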