diff options
Diffstat (limited to 'files')
-rwxr-xr-x | files/99_smartmonster_sleep.d.sh | 60 | ||||
-rwxr-xr-x | files/file_system_reporter.sh | 92 | ||||
-rwxr-xr-x | files/update_power_counter.sh | 70 |
3 files changed, 222 insertions, 0 deletions
diff --git a/files/99_smartmonster_sleep.d.sh b/files/99_smartmonster_sleep.d.sh new file mode 100755 index 0000000..2977bdb --- /dev/null +++ b/files/99_smartmonster_sleep.d.sh @@ -0,0 +1,60 @@ +#!/bin/bash +# +# smartmonster_sleep.d.sh - hook sleep, hibernate and shutdown events +# +# + +if [ "$USER" != "root" ]; +then + echo "You must be root!"; + exit 1; +fi + +STATE_DIR="/var/lib/smartmonster"; +HOOK_DIR="/etc/pm/sleep.d/"; +HIBERNATE_DATE_STAMP="$STATE_DIR/hibernate.stamp"; +SUSPEND_DATE_STAMP="$STATE_DIR/suspend.stamp"; +THAW_DATE_STAMP="$STATE_DIR/thaw.stamp"; +RESUME_DATE_STAMP="$STATE_DIR/resume.stamp"; +UNHANDLED_STAMP="$STATE_DIR/unhandled.stamp"; + +# XXX: Hello TOCTOU! +if [ ! -d "$STATE_DIR" ]; +then + echo "You have no $STATE_DIR; creating it!"; + mkdir -p $STATE_DIR; + + if [ $? != 0 ]; + then + echo "Unable to create $STATE_DIR!"; + exit 1; + fi + +fi + +# Load the common power related functions +. /usr/lib/pm-utils/functions + +case "$1" in + hibernate) + update_power_counter.sh; + date -R > $HIBERNATE_DATE_STAMP; + ;; + suspend) + update_power_counter.sh; + date -R > $SUSPEND_DATE_STAMP; + ;; + thaw) + date -R > $THAW_DATE_STAMP; + ;; + resume) + update_power_counter.sh; + date -R > $RESUME_DATE_STAMP; + ;; + + *) + echo "Unhandled case: $1" > $UNHANDLED_STAMP; + ;; +esac + +exit $? diff --git a/files/file_system_reporter.sh b/files/file_system_reporter.sh new file mode 100755 index 0000000..e88d70d --- /dev/null +++ b/files/file_system_reporter.sh @@ -0,0 +1,92 @@ +#!/bin/bash +# +# file_system_reporter.sh - hash the files on the boot device and compare +# +# This hashes files in $BOOTDEVICE_FILESYSTEM recursively and hashes the entire +# $BOOTDEVICE as well This must be run as root or as a user that has access to +# the specific device. +# + +BOOTDEVICE="/dev/sda1"; +BOOTDEVICE_FILESYSTEM="/boot/"; +STATE_DIR="/var/lib/smartmonster"; +PREVIOUS_BOOTDEVICE_FILESYSTEM_FILE="$STATE_DIR/previous_bootdevice_files_state"; +CURRENT_BOOTDEVICE_FILESYSTEM_FILE="$STATE_DIR/current_bootdevice_files_state"; +PREVIOUS_BOOTDEVICE_RAW_FILE="$STATE_DIR/previous_bootdevice_raw_state"; +CURRENT_BOOTDEVICE_RAW_FILE="$STATE_DIR/current_bootdevice_raw_state"; +TAMPER=0; +HASHER="`which sha256deep`"; +HASHER_ARGS="-r"; + +if [ "$USER" != "root" ]; +then + echo "You must be root!"; + exit 1; +fi + +# XXX: Hello TOCTOU! +if [ ! -d "$STATE_DIR" ]; +then + echo "You have no $STATE_DIR; creating it!"; + mkdir -p $STATE_DIR; + + if [ $? != 0 ]; + then + echo "Unable to create $STATE_DIR!"; + exit 1; + fi + +fi + +# Hash all files and store the state in $STATE_DIR +echo "Hashing files in $BOOTDEVICE_FILESYSTEM"; +if [ ! -f "$PREVIOUS_BOOTDEVICE_FILESYSTEM_FILE" ]; +then + echo "You have no $PREVIOUS_BOOTDEVICE_FILESYSTEM_FILE!"; + echo "Assuming first run and populating with hashes!"; + $HASHER $HASHER_ARGS $BOOTDEVICE_FILESYSTEM > $PREVIOUS_BOOTDEVICE_FILESYSTEM_FILE; + cp -f $PREVIOUS_BOOTDEVICE_FILESYSTEM_FILE $CURRENT_BOOTDEVICE_FILESYSTEM_FILE; +else + $HASHER $HASHER_ARGS $BOOTDEVICE_FILESYSTEM > $CURRENT_BOOTDEVICE_FILESYSTEM_FILE; +fi + +# Diff and recurse +HASHER_ARGS="-r -x"; +# Now attempt to detect a miss-match of hashes in the $BOOTDEVICE_FILE path +$HASHER $HASHER_ARGS $PREVIOUS_BOOTDEVICE_FILESYSTEM_FILE $BOOTDEVICE_FILESYSTEM; +HASHER_RESULT=$?; +if [ "$HASHER_RESULT" -ge 2 ]; +then + echo "Files on $BOOTDEVICE_FILESYSTEM appear to be mismatched - tampering detected?"; + TAMPER=1; +fi + +# Hash $BOOTDEVICE and store the state in $STATE_DIR +echo "Hashing $BOOTDEVICE"; +if [ ! -f "$PREVIOUS_BOOTDEVICE_RAW_FILE" ]; +then + echo "You have no $PREVIOUS_BOOTDEVICE_RAW_FILE!"; + echo "Assuming first run and populating with hashes!"; + $HASHER $BOOTDEVICE > $PREVIOUS_BOOTDEVICE_RAW_FILE; +else + $HASHER $BOOTDEVICE > $CURRENT_BOOTDEVICE_RAW_FILE; +fi + +# Diff +HASHER_ARGS="-x"; +# Now attempt to detect a miss-match with the $BOOTDEVICE itself +$HASHER $HASHER_ARGS $PREVIOUS_BOOTDEVICE_RAW_FILE $BOOTDEVICE; +HASHER_RESULT=$?; +if [ "$HASHER_RESULT" -ge 3 ]; +then + echo "Files on $BOOTDEVICE_FILESYSTEM appear to be mismatched - tampering detected?"; + TAMPER=1; +fi + +if [ "$TAMPER" -eq 1 ]; +then + echo "Possible tampering detected - please inspect with caution!"; + exit 1; +else + exit 0; +fi diff --git a/files/update_power_counter.sh b/files/update_power_counter.sh new file mode 100755 index 0000000..785dc1e --- /dev/null +++ b/files/update_power_counter.sh @@ -0,0 +1,70 @@ +#!/bin/bash +# +# update_power_counter.sh - query the S.M.A.R.T. data and store the state +# +# This fetches the current power count and stores it. It also prints the +# previous power count state and the next expected state. This must be run as +# root or as a user that has access to the specific device. +# + +DEVICE="/dev/sda"; +STATE_DIR="/var/lib/smartmonster"; +PREVIOUS_POWER_COUNT_FILE="$STATE_DIR/previous_power_count"; +CURRENT_POWER_COUNT_FILE="$STATE_DIR/current_power_count"; +EXPECTED_POWER_COUNT_FILE="$STATE_DIR/expected_power_count"; +POWER_INCREMENT=1; + +if [ "$USER" != "root" ]; +then + echo "You must be root!"; + exit 1; +fi + +# XXX: Hello TOCTOU! +if [ ! -d "$STATE_DIR" ]; +then + echo "You have no $STATE_DIR; creating it!"; + mkdir -p $STATE_DIR; + + if [ $? != 0 ]; + then + echo "Unable to create $STATE_DIR!"; + exit 1; + fi + +fi + +SMARTCTL="`which smartctl`"; +SMARTCTL_ARGS="-A"; +POWER_COUNT="Power_Cycle_Count" + +CURRENT_POWER_COUNT=`$SMARTCTL $SMARTCTL_ARGS $DEVICE|grep $POWER_COUNT|awk '{print $10}'`; + +if [ ! -f "$PREVIOUS_POWER_COUNT_FILE" ]; +then + echo "You have no $PREVIOUS_POWER_COUNT_FILE!"; + echo "Assuming first run and populating with CURRENT_POWER_COUNT"; + echo $CURRENT_POWER_COUNT > $PREVIOUS_POWER_COUNT_FILE; + echo $PREVIOUS_POWER_COUNT=$CURRENT_POWER_COUNT; +else + PREVIOUS_POWER_COUNT="`cat $PREVIOUS_POWER_COUNT_FILE`"; + if [ -z $PREVIOUS_POWER_COUNT ]; + then + PREVIOUS_POWER_COUNT=$CURRENT_POWER_COUNT; + fi +fi + +EXPECTED_NEXT_COUNT="$(expr $CURRENT_POWER_COUNT + $POWER_INCREMENT)"; + +# Print/export the count data +echo "PREVIOUS_POWER_COUNT=$PREVIOUS_POWER_COUNT"; +echo "CURRENT_POWER_COUNT=$CURRENT_POWER_COUNT"; +echo "EXPECTED_NEXT_COUNT=$EXPECTED_NEXT_COUNT"; +export PREVIOUS_POWER_COUNT=$PREVIOUS_POWER_COUNT; +export CURRENT_POWER_COUNT=$CURRENT_POWER_COUNT; +export EXPECTED_NEXT_COUNT=$EXPECTED_NEXT_COUNT; + +# Update the state files +echo $PREVIOUS_POWER_COUNT > $PREVIOUS_POWER_COUNT_FILE; +echo $CURRENT_POWER_COUNT > $CURRENT_POWER_COUNT_FILE; +echo $EXPECTED_NEXT_COUNT > $EXPECTED_POWER_COUNT_FILE; |