Menu
Index

Contact
LinkedIn
GitHub
Atom Feed
Comments Atom Feed

Similar Articles

2011-05-01 20:00
syslog-ng on OpenWrt
2011-05-01 11:25
Log checker (mini_logcheck) for OpenWrt
2010-04-24 10:31
OpenWrt Take 2 - native IPv6 on DG834 v3 (using AAISP)
2010-01-23 18:41
OpenWrt with native IPv6 on DG834 v2 (using AAISP)
2012-04-07 22:06
Background files integrity and log auditing (fcheck/logcheck)

Recent Articles

2019-07-28 16:35
git http with Nginx via Flask wsgi application (git4nginx)
2018-05-15 16:48
Raspberry Pi Camera, IR Lights and more
2017-04-23 14:21
Raspberry Pi SD Card Test
2017-04-07 10:54
DNS Firewall (blackhole malicious, like Pi-hole) with bind9
2017-03-28 13:07
Kubernetes to learn Part 4

Glen Pitt-Pladdy :: Blog

Filesystem checker (mini_fscheck) for OpenWrt

 

As mentioned previously, I'm a believer in monitoring things closely and another tool that is useful. Some form of filesystem checker which reports changes is useful even if it is only to remind me of changes I've made.

Like my mini_logcheck script this also has to be very lightweight and based on standard busybox tools.

How it works

What we do is maintain a database of the filesystem the last time we looked at it. This includes inodes, MD5 checksums, permissions, sizes etc., then on each run we do a diff against the last time, and email that if stuff has changed.

Installation & Configuration

Download mini_fscheck for OpenWrt and ensure you also have the following packages installed:

  • cron - needed to run mini_fscheck
  • mini_sendmail - needed to send emails

Put mini_fscheck somewhere suitable (eg. /usr/sbin though /etc would arguably be OK considering it contains email configuration). You will need to edit the file to set the email configuration appropriately for your needs.

You may also want to modify the find command to include/exclude things that you want to monitor.

If you are using my mini_logcheck then don't forget to add a rule rule in for running this for crond:

crond\[[0-9]+\]: USER root pid [0-9]+ cmd /usr/sbin/mini_fscheck$

This will be logged each time the cron runs the script so if you don't have this you will get an email every time.

Then add a cron entry (create a a new file if needed) in /etc/crontabs/root to run the script:

# m h dom mon dow command
  42 */2 * * * /usr/sbin/mini_fscheck

How often you run the filesystem check is up to you - more often will catch problems earlier but this is fairly CPU and IO intensive and if the rules are not perfect it risks filling your mailbox with messages.

Restart cron to read the new crontab and start things off:

# /etc/init.d/cron restart

Then each time the script runs it should email you any new log lines which are not excluded by the patterns on the find lines.

The first run should email you about generating the databases, and after that you should get diffs of the files that change.

Comments:




Note: Identity details will be stored in a cookie. Posts may not appear immediately
Disclaimer: This is a load of random thoughts, ideas and other nonsense and is not intended to be taken seriously. I have no idea what I am doing with most of this so if you are stupid and naive enough to believe any of it, it is your own fault and you can live with the consequences. More importantly this blog may contain substances such as humor which have not yet been approved for human (or machine) consumption and could seriously damage your health if taken seriously. If you still feel the need to litigate (or whatever other legal nonsense people have dreamed up now), then please address all complaints and other stupidity to yourself as you clearly "don't get it". This site uses cookies stored for for generating usage statistics and makes use of Google Analytics with it's own policies.