Provided by: systraq_0.0.20081217-7_all bug

NAME

       st_snapshot - calculate checksum and stat ownership and permissions of files

SYNOPSIS

       ST_SUM=sha256sum st_snapshot patterns homepatterns

DESCRIPTION

       st_snapshot calculates checksums and stats ownership and permissions of critical system
       files.

       This script is typically run in either root-mode or public-mode.  Running this script in
       root-mode requires root priviliges.  One is adviced to set up a dedicated user account for
       running this script in public mode.

       In root-mode, the files snapshot_root.list and snapshot_root.homelist are typically passed
       as arguments.  These pattern files are read by the script and contain names of files and
       directories; listing a directory in such a pattern file is equivalent to listing all files
       which live in the directorytree with this directory as root.

       snapshot_root.list could e.g. read

        # snapshot_root.list - files and directories we wanna get
        # monitored: we wanna get a note once these files, or any file
        # under these directories, gets created, gets rm-ed, gets
        # permissions or contents changed.  these notices will not
        # include the possibly secret contents of these files
        #
        # this file gets read by st_systraq
        /etc/group
        /etc/gshadow
        /etc/hosts.allow
        /etc/hosts.deny
        /etc/hosts.equiv
        /etc/lilo.conf
        /etc/passwd
        /etc/postfix/server.pem
        /etc/shadow
        /etc/skel
        /etc/ssh

       Equivalent files snapshot_pub.list and snapshot_pub.homelist should be on the system.
       These files should contain all worldreadable to be monitored files.  This allows for
       running this script as root only in those cases where it's needed: when reading files,
       readable for root only.

       The homelist files contain files and directories which should get monitored for every
       homedirectory on the system.  snapshot_pub.homelist could e.g. contain:

        .profile
        .cshrc
        .tcshrc
        .login
        .logout
        .bash_profile
        .bashrc
        .exrc
        .nexrc

       As a special case, when the environment variable ST_OPHOMES is set to a non-empty string
       (typically when running in public mode), we stat the permissions on all homedirectories
       themselves.

       The produced snapshot is printed to stdout.  The output when running in public mode could
       look like:

        # ownership and permissions of homedirs
        drwxr-xr-x root root /bin
        drwxr-xr-x root root /dev
        drwxr-sr-x root staff /home
        drwxr-sr-x joostvb joostvb /home/joostvb
        drwxr-xr-x root root /usr/sbin
        drwxr-xr-x root root /var
        # sha256sum of critical pub files
        4d3cd13d6dbc10e2e3ccb9477cbc9eb9b76302454c276d5771ae0b10a5fbb4d2  /home/joostvb/.ssh/id_rsa.pub
        eb8d83e0246f761a21bdfb13a03fac634ed7c3b7dde4c2efddd7b2838d32596f  /var/qmail/alias/.bashrc
        4e371f9a11f5a2464d3d5c952e58e24f73b377d33767ed93b2082fcb59a647fe  /etc/zlogin
        # ownership and permissions of critical pub files
        -rw-rw-r-- joostvb joostvb /home/joostvb/.ssh/id_rsa.pub
        -rw-r--r-- joostvb joostvb /home/joostvb/.ssh/authorized_keys

ENVIRONMENT

       ST_OPHOMES - non-empty in case permissions on all homedirectories should be printed

       ST_SUM - command for calculating file checksums.  E.g. sha256sum, sha512sum, sha384sum,
       sha224sum or sha1sum.

SEE ALSO

       The systraq manual.

VERSION

       This manpage: $Id: st_snapshot.pod 374 2008-12-14 08:47:32Z joostvb $

COPYRIGHT

       Copyright (C) 2001, 2002, 2003, 2004, 2008 Joost van Baal

       This program is free software; you can redistribute it and/or modify it under the terms of
       the GNU General Public License as published by the Free Software Foundation; either
       version 2 of the License, or (at your option) any later version.

       This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY;
       without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
       See the GNU General Public License for more details.

       You should have received a copy of the GNU General Public License along with this program
       (see COPYING); if not, check with http://www.gnu.org/copyleft/gpl.html or write to the
       Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111, USA.

AUTHOR

       Joost van Baal <joostvb-systraq-20041015@mdcc.cx>