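#!/bin/bash
# Compare the installed auditd files with a freshly downloaded auditd package.
#
# Usage: SCRIPT {permission|owner|group-owner|file-hashes}
#   permission   mode string of every packaged file and directory
#   owner        owning user of every packaged file and directory
#   group-owner  owning group of every packaged file and directory
#   file-hashes  SHA-512 of the packaged files whose entry contains "bin/"
#
# Exit status:
#   0  every checked entry matches the package
#   1  first mismatch found (packaged entry and installed entry are printed),
#      or the reference package could not be downloaded, listed or unpacked
#   2  unknown or missing mode
#
# The whole idea of how to get the original files' permissions is learned from
# http://sysadminnotebook.blogspot.com/2012/06/how-to-reset-folder-permissions-to.html
#
# NOTE(review): the result is only as trustworthy as the downloaded archive;
# this script does not verify the .deb itself and relies on whatever checks
# the package manager performs during download.
# NOTE(review): presumably `aptitude download` fetches the repository's
# candidate version; if that differs from the installed version, file-hashes
# can report a mismatch that is only a version difference. Confirm.

usage() {
  printf 'Usage: %s {permission|owner|group-owner|file-hashes}\n' "${0##*/}" >&2
}

# Print a message on stderr and fail the check.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# Remove the scratch directory on every exit path.
cleanup() {
  cd / || true
  if [[ -n "${TDIR:-}" ]]; then
    rm -rf -- "$TDIR"
  fi
}

#######################################
# Compare one attribute of each listed entry with the installed path.
# Arguments: $1 - permission | owner | group-owner
#            $2 - `dpkg -c` lines, one entry per line
# Outputs:   on mismatch, "ORIGIN:<package entry>" and "CURRENT:<ls -ld line>"
# Returns:   exits the script with status 1 on the first mismatch
#######################################
check_entries() {
  local mode=$1 entries=$2
  local entry perms owner_group path user group installed expected current

  # The loop reads from a here-string, not a pipeline, so that `exit 1`
  # terminates the script instead of only a pipeline subshell.
  while IFS= read -r entry; do
    [[ -n "$entry" ]] || continue

    # dpkg -c columns: mode, user/group, size, date, time, path.
    read -r perms owner_group _ _ _ path _ <<<"$entry"
    IFS=/ read -r user group _ <<<"$owner_group"

    # Archive paths start with "./"; dropping the dot gives the installed path.
    installed=${path#?}

    # stat prints the bare mode/user/group, without the ACL or security-context
    # marker that ls may append to the mode column.
    case $mode in
      permission)
        expected=$perms
        current=$(stat -c '%A' -- "$installed")
        ;;
      owner)
        expected=$user
        current=$(stat -c '%U' -- "$installed")
        ;;
      group-owner)
        expected=$group
        current=$(stat -c '%G' -- "$installed")
        ;;
    esac

    if [[ "$current" != "$expected" ]]; then
      printf 'ORIGIN:%s\n' "$entry"
      printf 'CURRENT:%s\n' "$(ls -ld -- "$installed")"
      exit 1
    fi
  done <<<"$entries"
}

#######################################
# Compare SHA-512 digests of installed binaries with the packaged copies.
# Arguments: $1 - path of the downloaded .deb
#            $2 - `dpkg -c` lines of the packaged files
# Outputs:   on mismatch, "ORIGIN:<package entry>" and "CURRENT:<ls -ld line>"
# Returns:   exits the script with status 1 on the first mismatch
#######################################
check_hashes() {
  local deb=$1 entries=$2
  local entry path installed expected current

  # Unpack into a subdirectory of the scratch directory.
  dpkg-deb -R "$deb" extracted || die "cannot unpack $deb"

  while IFS= read -r entry; do
    # Only entries containing "bin/" are hashed; other files are not covered.
    [[ "$entry" == *bin/* ]] || continue

    read -r _ _ _ _ _ path _ <<<"$entry"
    installed=${path#?}

    # The reference digest comes from the unpacked package copy, never from
    # the installed path, so the installed file is not compared with itself.
    expected=$(sha512sum -- "extracted$installed" | awk '{print $1}')
    [[ -n "$expected" ]] || die "cannot hash the packaged copy of $installed"
    current=$(sha512sum -- "$installed" | awk '{print $1}')

    if [[ "$current" != "$expected" ]]; then
      printf 'ORIGIN:%s\n' "$entry"
      printf 'CURRENT:%s\n' "$(ls -ld -- "$installed")"
      exit 1
    fi
  done <<<"$entries"
}

mode=${1:-}
case $mode in
  permission | owner | group-owner | file-hashes) ;;
  *)
    # A misspelt mode must not look like a passed check.
    usage
    exit 2
    ;;
esac

TDIR=$(mktemp -d) || die "cannot create a scratch directory"
trap cleanup EXIT
cd "$TDIR" || die "cannot enter $TDIR"

# Fail closed: without a reference package there is nothing to compare with.
aptitude download auditd || die "cannot download the auditd package"
debs=(auditd*.deb)
[[ -f "${debs[0]}" ]] || die "no auditd package archive was downloaded"
deb=${debs[0]}

listing=$(dpkg -c "$deb") || die "cannot list the contents of $deb"

# Non-directory entries. The packaged rules.d/audit.rules entry is printed
# twice, the second time rewritten to /etc/audit/audit.rules, so that path is
# checked against the same reference attributes.
FILES=$(printf '%s\n' "$listing" | sed -e '/^d/d' \
  | sed '/audit.rules$/p;s/\/etc\/audit\/rules.d\/audit.rules$/\/etc\/audit\/audit.rules/')

# Directory entries, without anything under /usr/share/man.
DIRECTORY=$(printf '%s\n' "$listing" | sed -n '/^d/p' \
  | sed -e '/\/usr\/share\/man/d')

case $mode in
  permission | owner | group-owner)
    check_entries "$mode" "$FILES"
    check_entries "$mode" "$DIRECTORY"
    ;;
  file-hashes)
    check_hashes "$deb" "$FILES"
    ;;
esac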