When we have an extraneous user on the computer, we are in a state of emergency. A bad guy can modify a file like /etc/ssh/sshd_config or /etc/passwd... I don't want to check checksums every day, so I wrote a script which does it for me :) In .sumlog we write checksum::path to file, and that's all
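#!/usr/bin/perl
use warnings;
use strict;

if (-e '.sumlog') {
    # Baseline exists: compare each recorded checksum with the current one.
    open(my $log, '<', '.sumlog') or die "Cannot read .sumlog: $!\n";
    my @records = <$log>;
    close($log);
    foreach my $record (@records) {
        chomp($record);
        my @arty = split('::', $record, 2);
        # List-form pipe open: the stored path is never parsed by a shell.
        open(my $md5, '-|', 'md5sum', $arty[1]) or die "Cannot run md5sum: $!\n";
        my $wyn = <$md5> // '';
        close($md5);
        my @act = split(' ', $wyn);
        if (@act && $act[0] eq $arty[0]) {
            print $arty[1]."... ok \n";
        } else {
            print $arty[1]."... not ok \n";
        }
    }
} else {
    # First run: record checksum::path for the monitored file.
    open(my $log, '>>', '.sumlog') or die "Cannot write .sumlog: $!\n";
    open(my $comm, '-|', 'md5sum', '/etc/ssh/sshd_config') or die "Cannot run md5sum: $!\n";
    my @comm = split(' ', <$comm> // '');
    close($comm);
    die "md5sum produced no output\n" unless @comm == 2;
    # Terminate the record with a newline so later appends start a new line.
    print {$log} $comm[0].'::'.$comm[1]."\n";
    close($log);
    print "Write checksum::path to file in .sumlog\n";
}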
This is all well and fine, but if someone has the savvy to be able to alter your /etc/passwd file, they're likely not going to be tripped up by editing this thing as well. As for me, I like Tripwire. It's free for non-commercial use and does a very robust job of integrity checking.
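Added example (not part of either post above, and not Tripwire's method): the reply's concern is that whoever can edit /etc/passwd can also edit .sumlog, so this variant seals the baseline with an HMAC and refuses to trust a baseline whose seal does not verify. The key location, the `.sumlog.sealed` file name, the watched list and the use of SHA-256 are assumptions of this example.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Digest::SHA qw(hmac_sha256_hex);   # core module

# Assumed names: adjust to your setup. The key must live off the monitored
# host (removable media, another machine), or an intruder can re-seal.
my $key_file = $ENV{SUMLOG_KEY} // '/mnt/usb/sumlog.key';
my $baseline = '.sumlog.sealed';
my @watched  = ('/etc/ssh/sshd_config', '/etc/passwd');

sub file_sha256 {                      # hash in-process, no shell involved
    my ($path) = @_;
    return Digest::SHA->new(256)->addfile($path, 'b')->hexdigest;
}

open(my $kfh, '<:raw', $key_file) or die "cannot read key $key_file: $!\n";
my $key = do { local $/; <$kfh> };
close($kfh);

if (!-e $baseline) {
    # First run: write checksum::path records, then the seal over all of them.
    my $body = join '', map { file_sha256($_) . "::$_\n" } @watched;
    open(my $out, '>', $baseline) or die "cannot write $baseline: $!\n";
    print {$out} $body, 'hmac::', hmac_sha256_hex($body, $key), "\n";
    close($out) or die "cannot close $baseline: $!\n";
    print "Sealed baseline written to $baseline\n";
    exit 0;
}

open(my $in, '<', $baseline) or die "cannot read $baseline: $!\n";
my @lines = <$in>;
close($in);
my $mac_line = pop(@lines) // '';
my $body     = join '', @lines;
my ($mac)    = $mac_line =~ /^hmac::([0-9a-f]{64})$/;
die "$baseline: seal missing or invalid, baseline was altered\n"
    unless defined $mac && $mac eq hmac_sha256_hex($body, $key);

my $bad = 0;
for my $line (@lines) {
    chomp $line;
    my ($sum, $path) = split /::/, $line, 2;
    my $now = eval { file_sha256($path) } // 'unreadable';
    if ($now eq $sum) { print "$path... ok\n" }
    else              { print "$path... not ok\n"; $bad = 1 }
}
exit $bad;   # non-zero exit lets cron or a monitor raise an alert
```

The seal only protects the baseline; the script and the perl binary that run the check sit on the same host and need the same scrutiny, which is the gap a dedicated tool such as Tripwire is meant to cover.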