Menu
Index

Contact
Atom Feed
Comments Atom Feed

Similar Articles

2011-05-01 20:00
syslog-ng on OpenWrt
2011-05-01 11:25
Log checker (mini_logcheck) for OpenWrt
2010-11-17 18:40
OpenWrt on RB450G for AAISP FTTC
2010-04-24 10:31
OpenWrt Take 2 - native IPv6 on DG834 v3 (using AAISP)
2010-01-23 18:41
OpenWrt with native IPv6 on DG834 v2 (using AAISP)

Recent Articles

2019-07-28 16:35
git http with Nginx via Flask wsgi application (git4nginx)
2018-05-15 16:48
Raspberry Pi Camera, IR Lights and more
2017-04-23 14:21
Raspberry Pi SD Card Test
2017-04-07 10:54
DNS Firewall (blackhole malicious, like Pi-hole) with bind9
2017-03-28 13:07
Kubernetes to learn Part 4

Glen Pitt-Pladdy :: Blog

Filesystem checker (mini_fscheck) for OpenWrt

 

As mentioned previously, I'm a believer in monitoring things closely and another tool that is useful. Some form of filesystem checker which reports changes is useful even if it is only to remind me of changes I've made.

Like my mini_logcheck script this also has to be very lightweight and based on standard busybox tools.

How it works

What we do is maintain a database of the filesystem the last time we looked at it. This includes inodes, MD5 checksums, permissions, sizes etc., then on each run we do a diff against the last time, and email that if stuff has changed.

Installation & Configuration

Download mini_fscheck for OpenWrt and ensure you also have the following packages installed:

  • cron - needed to run mini_fscheck
  • mini_sendmail - needed to send emails

Put mini_fscheck somewhere suitable (eg. /usr/sbin though /etc would arguably be OK considering it contains email configuration). You will need to edit the file to set the email configuration appropriately for your needs.

You may also want to modify the find command to include/exclude things that you want to monitor.

If you are using my mini_logcheck then don't forget to add a rule rule in for running this for crond:

crond\[[0-9]+\]: USER root pid [0-9]+ cmd /usr/sbin/mini_fscheck$

This will be logged each time the cron runs the script so if you don't have this you will get an email every time.

Then add a cron entry (create a a new file if needed) in /etc/crontabs/root to run the script:

# m h dom mon dow command
  42 */2 * * * /usr/sbin/mini_fscheck

How often you run the filesystem check is up to you - more often will catch problems earlier but this is fairly CPU and IO intensive and if the rules are not perfect it risks filling your mailbox with messages.

Restart cron to read the new crontab and start things off:

# /etc/init.d/cron restart

Then each time the script runs it should email you any new log lines which are not excluded by the patterns on the find lines.

The first run should email you about generating the databases, and after that you should get diffs of the files that change.
This is a bunch of random thoughts, ideas and other nonsense, and is not intended to be taken seriously. I'm experimenting and mostly have no idea what I am doing with most of this so it should be taken with cuation and at your own risk. Intrustive technologies are minimised where possible. For the purposes of reducing abuse and other risks hCaptcha is used and has it's own policies linked from the widget.