aboutsummaryrefslogtreecommitdiff
path: root/files
diff options
context:
space:
mode:
Diffstat (limited to 'files')
-rwxr-xr-xfiles/99_smartmonster_sleep.d.sh60
-rwxr-xr-xfiles/file_system_reporter.sh92
-rwxr-xr-xfiles/update_power_counter.sh70
3 files changed, 222 insertions, 0 deletions
diff --git a/files/99_smartmonster_sleep.d.sh b/files/99_smartmonster_sleep.d.sh
new file mode 100755
index 0000000..2977bdb
--- /dev/null
+++ b/files/99_smartmonster_sleep.d.sh
@@ -0,0 +1,60 @@
+#!/bin/bash
+#
+# smartmonster_sleep.d.sh - hook sleep, hibernate and shutdown events
+#
+#
+
+if [ "$USER" != "root" ];
+then
+ echo "You must be root!";
+ exit 1;
+fi
+
+STATE_DIR="/var/lib/smartmonster";
+HOOK_DIR="/etc/pm/sleep.d/";
+HIBERNATE_DATE_STAMP="$STATE_DIR/hibernate.stamp";
+SUSPEND_DATE_STAMP="$STATE_DIR/suspend.stamp";
+THAW_DATE_STAMP="$STATE_DIR/thaw.stamp";
+RESUME_DATE_STAMP="$STATE_DIR/resume.stamp";
+UNHANDLED_STAMP="$STATE_DIR/unhandled.stamp";
+
+# XXX: Hello TOCTOU!
+if [ ! -d "$STATE_DIR" ];
+then
+ echo "You have no $STATE_DIR; creating it!";
+ mkdir -p $STATE_DIR;
+
+ if [ $? != 0 ];
+ then
+ echo "Unable to create $STATE_DIR!";
+ exit 1;
+ fi
+
+fi
+
+# Load the common power related functions
+. /usr/lib/pm-utils/functions
+
+case "$1" in
+ hibernate)
+ update_power_counter.sh;
+ date -R > $HIBERNATE_DATE_STAMP;
+ ;;
+ suspend)
+ update_power_counter.sh;
+ date -R > $SUSPEND_DATE_STAMP;
+ ;;
+ thaw)
+ date -R > $THAW_DATE_STAMP;
+ ;;
+ resume)
+ update_power_counter.sh;
+ date -R > $RESUME_DATE_STAMP;
+ ;;
+
+ *)
+ echo "Unhandled case: $1" > $UNHANDLED_STAMP;
+ ;;
+esac
+
+exit $?
diff --git a/files/file_system_reporter.sh b/files/file_system_reporter.sh
new file mode 100755
index 0000000..e88d70d
--- /dev/null
+++ b/files/file_system_reporter.sh
@@ -0,0 +1,92 @@
+#!/bin/bash
+#
+# file_system_reporter.sh - hash the files on the boot device and compare
+#
+# This hashes files in $BOOTDEVICE_FILESYSTEM recursively and hashes the entire
+# $BOOTDEVICE as well This must be run as root or as a user that has access to
+# the specific device.
+#
+
+BOOTDEVICE="/dev/sda1";
+BOOTDEVICE_FILESYSTEM="/boot/";
+STATE_DIR="/var/lib/smartmonster";
+PREVIOUS_BOOTDEVICE_FILESYSTEM_FILE="$STATE_DIR/previous_bootdevice_files_state";
+CURRENT_BOOTDEVICE_FILESYSTEM_FILE="$STATE_DIR/current_bootdevice_files_state";
+PREVIOUS_BOOTDEVICE_RAW_FILE="$STATE_DIR/previous_bootdevice_raw_state";
+CURRENT_BOOTDEVICE_RAW_FILE="$STATE_DIR/current_bootdevice_raw_state";
+TAMPER=0;
+HASHER="`which sha256deep`";
+HASHER_ARGS="-r";
+
+if [ "$USER" != "root" ];
+then
+ echo "You must be root!";
+ exit 1;
+fi
+
+# XXX: Hello TOCTOU!
+if [ ! -d "$STATE_DIR" ];
+then
+ echo "You have no $STATE_DIR; creating it!";
+ mkdir -p $STATE_DIR;
+
+ if [ $? != 0 ];
+ then
+ echo "Unable to create $STATE_DIR!";
+ exit 1;
+ fi
+
+fi
+
+# Hash all files and store the state in $STATE_DIR
+echo "Hashing files in $BOOTDEVICE_FILESYSTEM";
+if [ ! -f "$PREVIOUS_BOOTDEVICE_FILESYSTEM_FILE" ];
+then
+ echo "You have no $PREVIOUS_BOOTDEVICE_FILESYSTEM_FILE!";
+ echo "Assuming first run and populating with hashes!";
+ $HASHER $HASHER_ARGS $BOOTDEVICE_FILESYSTEM > $PREVIOUS_BOOTDEVICE_FILESYSTEM_FILE;
+ cp -f $PREVIOUS_BOOTDEVICE_FILESYSTEM_FILE $CURRENT_BOOTDEVICE_FILESYSTEM_FILE;
+else
+ $HASHER $HASHER_ARGS $BOOTDEVICE_FILESYSTEM > $CURRENT_BOOTDEVICE_FILESYSTEM_FILE;
+fi
+
+# Diff and recurse
+HASHER_ARGS="-r -x";
+# Now attempt to detect a miss-match of hashes in the $BOOTDEVICE_FILE path
+$HASHER $HASHER_ARGS $PREVIOUS_BOOTDEVICE_FILESYSTEM_FILE $BOOTDEVICE_FILESYSTEM;
+HASHER_RESULT=$?;
+if [ "$HASHER_RESULT" -ge 2 ];
+then
+ echo "Files on $BOOTDEVICE_FILESYSTEM appear to be mismatched - tampering detected?";
+ TAMPER=1;
+fi
+
+# Hash $BOOTDEVICE and store the state in $STATE_DIR
+echo "Hashing $BOOTDEVICE";
+if [ ! -f "$PREVIOUS_BOOTDEVICE_RAW_FILE" ];
+then
+ echo "You have no $PREVIOUS_BOOTDEVICE_RAW_FILE!";
+ echo "Assuming first run and populating with hashes!";
+ $HASHER $BOOTDEVICE > $PREVIOUS_BOOTDEVICE_RAW_FILE;
+else
+ $HASHER $BOOTDEVICE > $CURRENT_BOOTDEVICE_RAW_FILE;
+fi
+
+# Diff
+HASHER_ARGS="-x";
+# Now attempt to detect a miss-match with the $BOOTDEVICE itself
+$HASHER $HASHER_ARGS $PREVIOUS_BOOTDEVICE_RAW_FILE $BOOTDEVICE;
+HASHER_RESULT=$?;
+if [ "$HASHER_RESULT" -ge 3 ];
+then
+ echo "Files on $BOOTDEVICE_FILESYSTEM appear to be mismatched - tampering detected?";
+ TAMPER=1;
+fi
+
+if [ "$TAMPER" -eq 1 ];
+then
+ echo "Possible tampering detected - please inspect with caution!";
+ exit 1;
+else
+ exit 0;
+fi
diff --git a/files/update_power_counter.sh b/files/update_power_counter.sh
new file mode 100755
index 0000000..785dc1e
--- /dev/null
+++ b/files/update_power_counter.sh
@@ -0,0 +1,70 @@
+#!/bin/bash
+#
+# update_power_counter.sh - query the S.M.A.R.T. data and store the state
+#
+# This fetches the current power count and stores it. It also prints the
+# previous power count state and the next expected state. This must be run as
+# root or as a user that has access to the specific device.
+#
+
+DEVICE="/dev/sda";
+STATE_DIR="/var/lib/smartmonster";
+PREVIOUS_POWER_COUNT_FILE="$STATE_DIR/previous_power_count";
+CURRENT_POWER_COUNT_FILE="$STATE_DIR/current_power_count";
+EXPECTED_POWER_COUNT_FILE="$STATE_DIR/expected_power_count";
+POWER_INCREMENT=1;
+
+if [ "$USER" != "root" ];
+then
+ echo "You must be root!";
+ exit 1;
+fi
+
+# XXX: Hello TOCTOU!
+if [ ! -d "$STATE_DIR" ];
+then
+ echo "You have no $STATE_DIR; creating it!";
+ mkdir -p $STATE_DIR;
+
+ if [ $? != 0 ];
+ then
+ echo "Unable to create $STATE_DIR!";
+ exit 1;
+ fi
+
+fi
+
+SMARTCTL="`which smartctl`";
+SMARTCTL_ARGS="-A";
+POWER_COUNT="Power_Cycle_Count"
+
+CURRENT_POWER_COUNT=`$SMARTCTL $SMARTCTL_ARGS $DEVICE|grep $POWER_COUNT|awk '{print $10}'`;
+
+if [ ! -f "$PREVIOUS_POWER_COUNT_FILE" ];
+then
+ echo "You have no $PREVIOUS_POWER_COUNT_FILE!";
+ echo "Assuming first run and populating with CURRENT_POWER_COUNT";
+ echo $CURRENT_POWER_COUNT > $PREVIOUS_POWER_COUNT_FILE;
+ echo $PREVIOUS_POWER_COUNT=$CURRENT_POWER_COUNT;
+else
+ PREVIOUS_POWER_COUNT="`cat $PREVIOUS_POWER_COUNT_FILE`";
+ if [ -z $PREVIOUS_POWER_COUNT ];
+ then
+ PREVIOUS_POWER_COUNT=$CURRENT_POWER_COUNT;
+ fi
+fi
+
+EXPECTED_NEXT_COUNT="$(expr $CURRENT_POWER_COUNT + $POWER_INCREMENT)";
+
+# Print/export the count data
+echo "PREVIOUS_POWER_COUNT=$PREVIOUS_POWER_COUNT";
+echo "CURRENT_POWER_COUNT=$CURRENT_POWER_COUNT";
+echo "EXPECTED_NEXT_COUNT=$EXPECTED_NEXT_COUNT";
+export PREVIOUS_POWER_COUNT=$PREVIOUS_POWER_COUNT;
+export CURRENT_POWER_COUNT=$CURRENT_POWER_COUNT;
+export EXPECTED_NEXT_COUNT=$EXPECTED_NEXT_COUNT;
+
+# Update the state files
+echo $PREVIOUS_POWER_COUNT > $PREVIOUS_POWER_COUNT_FILE;
+echo $CURRENT_POWER_COUNT > $CURRENT_POWER_COUNT_FILE;
+echo $EXPECTED_NEXT_COUNT > $EXPECTED_POWER_COUNT_FILE;