Docker>> hcheck>> 返回
项目作者: doomnuggets

项目描述 :
sha256sum dir checker
高级语言: Go
项目地址: git://github.com/doomnuggets/hcheck.git
创建时间: 2018-10-09T07:17:23Z
项目社区:https://github.com/doomnuggets/hcheck
开源协议:Do What The F*ck You Want To Public License
下载


hcheck

One of my first Go projects, terrible code.

hcheck takes a sha256sum file input and checks if the hashes either match,
mismatch, new files were created or existing ones have been removed.

Basic Usage

Given the following directory structure…

  1. tst
  2. ├── file1.bin
  3. └── sub
  4.     └── directory
  5.         └── file2.bin
  7. 2 directories, 2 files

We first create a sha256sum of the directory tree:

  1. find tst/ -type f -exec sha256sum {} \; > hashes.txt
  3. cat hashes.txt
  4. 0fb2eb1d47a1978e2e019e795bca83b758847d590fdef757f749dd44358cc4ef  tst/file1.bin
  5. 33b999f808fda86a6bb9cb583a97c66775a6f9bd3602c4cceb27b235d697c7e3  tst/sub/directory/file2.bin

We then check if the hashes we just created match:

  1. ./hcheck --check-dir tst/ --hash-file hashes.txt
  2. 0fb2eb1d47a1978e2e019e795bca83b758847d590fdef757f749dd44358cc4ef  tst/file1.bin: OK
  3. 33b999f808fda86a6bb9cb583a97c66775a6f9bd3602c4cceb27b235d697c7e3  tst/sub/directory/file2.bin: OK

As we can see all hashes matched up (status OK).
Let’s try and add a new file and modify file1.bin

  1. echo new_file > tst/sub/new_file.bin
  2. echo change >> tst/file1.bin

Now the output of hcheck shows:

  1. ./hcheck --check-dir tst/ --hash-file hashes.txt
  3. e9c3d6e78375b7350ae37cac2ce6040b2bbbfee92440e9cfb7b461643e2a170e  tst/file1.bin: MISMATCH
  4. 33b999f808fda86a6bb9cb583a97c66775a6f9bd3602c4cceb27b235d697c7e3  tst/sub/directory/file2.bin: OK
  5. 294e1ef3296ec3b9e19a4acd0ecd3344aff767e7529eec0e2295bb7f69ca13f8  tst/sub/new_file.bin: NEW

Upon removing a file recorded in the hash file (hashes.txt) we see the following:

  1. rm tst/sub/directory/file2.bin
  3. ./hcheck --check-dir tst/ --hash-file hashes.txt
  4. e9c3d6e78375b7350ae37cac2ce6040b2bbbfee92440e9cfb7b461643e2a170e  tst/file1.bin: MISMATCH
  5. 294e1ef3296ec3b9e19a4acd0ecd3344aff767e7529eec0e2295bb7f69ca13f8  tst/sub/new_file.bin: NEW
  6. 33b999f808fda86a6bb9cb583a97c66775a6f9bd3602c4cceb27b235d697c7e3  tst/sub/directory/file2.bin: REMOVED

Filtering file status

You can use a combination of the following commandline argument flags to exclude certain output:

  • --exclude-mismatch
  • --exclude-new
  • --exclude-ok
  • --exclude-removed

Why

With the information about matching, changed, new and removed files we can keep track of a specific directory.
I use this in a honey pot environment I’m working on, to detect changes to the filesystem and trigger scripts.

License

  2.             DO WHAT THE FUCK YOU WANT TO PUBLIC LICENSE
  3.                     Version 2, December 2004
  5.  Copyright (C) 2018 doomnuggets
  7.  Everyone is permitted to copy and distribute verbatim or modified
  8.  copies of this license document, and changing it is allowed as long
  9.  as the name is changed.
  11.             DO WHAT THE FUCK YOU WANT TO PUBLIC LICENSE
  12.    TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
  14.   0. You just DO WHAT THE FUCK YOU WANT TO.

Fork me

Use the fork luke.