Check diff of file

[dwhitfield]

Anyone of you fine nagios admins have a plugin for checking the diff of a file and reporting back what changed?

I've been searching the net and can't find anything Basically I want to check /etc/passwd for changes and report back what was changed.

[tgriep]

This plugin may work for you.

Code: Select all

https://exchange.nagios.org/directory/Plugins/Security/check_file_md5s/details

It doesn't report back what has changed in the file, only that is has changed.
Would that work for your needs?

[BanditBBS]

I couldn't find one that did what I want, so wrote my own:

Code: Select all

#!/bin/bash
#
############## check_xx_file_diff.sh ##########################################
# Author  : IT Convergence
# Licence : GPL - http://www.fsf.org/licenses/gpl.txt
# Contrib : James Clark
# ToDo    : N/A
###############################################################################
# Check for changes to file and report back what
# changed
###############################################################################
# check_xx_file_diff.sh
###############################################################################
# Changelog:
#  2017-03-01 - Version 1.0 - Plugin coding completed
#			      Added version information
#  2017-02-28 - Version 0.1 - Plugin started
###############################################################################
# Set variables
VERSION="1.0"
VERBOSE=0
# Print usage
function usage()
{
    echo "You asked for help, included a bad argument or not enough arguments"
    echo ""
    echo "./check_xx_file_diff.sh"
    echo "	-h --help"
    echo "	-d --directory = location of file to monitor(ex /tmp/)"
    echo "	-f --file = file to monitor(ex test)"
    echo "	-v --verbose = more information in output"
    echo ""
    exit 3
}
# Test for arguments
if [[ $# -eq 0 ]] ; then
    usage
fi

# Parse arguments
while [[ $# -gt 0 ]]
do
key="$1"

case $key in
    -d | --directory)
    DIR="$2"
    shift # past argument
    ;;
    -f | --file)
    FILE="$2"
    shift # past argument
    ;;
    -h | --help)
    usage
    ;;
    -V | --version)
    echo "${0##*/} - Version: $VERSION - Written @ IT Convergence"
    exit 3
    ;;
    -v | --verbose)
    VERBOSE=1
    ;;
    *)
    usage  # unknown option
    ;;
esac
shift # past argument or value
done
# Start the real work
if [ "$VERBOSE" -eq 1 ] ; then echo "File to check = $DIR$FILE" ; fi

if [ ! -f $DIR$FILE ]; then
    echo "UNKNOWN: $DIR$FILE was not found!"
    exit 3
fi

if [ ! -f /usr/local/nagios/libexec/diff_$FILE ]; then
    echo "OK: First check - Created test file!"
    cp $DIR$FILE /usr/local/nagios/libexec/diff_$FILE
    exit 0
fi

CHECK="$(diff $DIR$FILE /usr/local/nagios/libexec/diff_$FILE)"
if [ "$VERBOSE" -eq 1 ] ; then echo "Diff result = $CHECK" ; fi

if [ "$CHECK" = "" ] ; then
	echo "OK: No Changes Detected"
	exit 0
else
	cp -f $DIR$FILE /usr/local/nagios/libexec/diff_$FILE
	echo -e "WARNING: Changes Detected - Login to Nagios for full alert - Task is required!\n$CHECK"
	exit 1
fi

Feel free to lock this one up

[dwhitfield]

Thanks for contributing the script! I'll lock it up now.