This file is indexed.

/usr/lib/nagios/plugins/check_checksums is in nagios-plugins-contrib 16.20151226.

This file is owned by root:root, with mode 0o755.

The actual contents of the file can be viewed below.

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
#!/bin/bash
#
#    check_checksums - Nagios plugin to check file checksums
#    against (local, not 100% secure) lists.
#    Supports md5 sha1 sha224 sha256 sha384 sha512 checksums.
#
#
#    Copyright (C) 2013 Bernd Zeimetz <b.zeimetz@conova.com>
#
#    This program is free software: you can redistribute it and/or modify
#    it under the terms of the GNU General Public License as published by
#    the Free Software Foundation, either version 3 of the License, or
#    (at your option) any later version.
#
#    This program is distributed in the hope that it will be useful,
#    but WITHOUT ANY WARRANTY; without even the implied warranty of
#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#    GNU General Public License for more details.
#
#    You should have received a copy of the GNU General Public License
#    along with this program.  If not, see <http://www.gnu.org/licenses/>.

umask 077

if [ $# -gt 0 ]; then
    case $1 in
        -h|--help|help)
            cat << __EOH__
$0 - Nagios plugin to check file checksums
------------------------------------------
The plugin supports md5 sha1 sha224 sha256 sha384 sha512 checksums.
As the lists are stored local it is not 100% secure.

Usage:
    For each file you want to monitor write the current checksum
    into the stored file list. Use the checksum tool you prefer,
    probably depending on your CPU power.

        sha512sum /path/to/the/file >> /etc/nagios/check_checksums.sha512
        sha384sum /path/to/the/file >> /etc/nagios/check_checksums.sha384
        sha256sum /path/to/the/file >> /etc/nagios/check_checksums.sha256
        sha224sum /path/to/the/file >> /etc/nagios/check_checksums.sha224
        sha1sum   /path/to/the/file >> /etc/nagios/check_checksums.sha1
        md5sum    /path/to/the/file >> /etc/nagios/check_checksums.md5

    Set useful file permissions:
        chown root:nagios /etc/nagios/check_checksums.*
        chmod 0640 /etc/nagios/check_checksums.*

    Run
      $0
    in nrpe or nagios to check if the checksums are still the same.
    It will return UNKNOWN if there is no checksum file at all.

    To update *ALL* stored checksums please run
    /usr/lib/nagios/update_checksums
    and all checksum files will be updated. A copy of the original file will
    be stored in /etc/nagios.

__EOH__
        exit 3
        ;;
    esac
fi

if dpkg --compare-versions `dpkg-query -W coreutils | awk '{print $2}'` ge 8.13; then
    STRICT="--strict"
else
    STRICT=""
fi

RET=3
OUT="UNKNOWN"
tmp_out=`mktemp`
tmp_err=`mktemp`
trap "rm -f ${tmp_out} ${tmp_err}" EXIT

for t in md5 sha1 sha224 sha256 sha384 sha512; do
    fname="/etc/nagios/check_checksums.${t}"
    tool="${t}sum"
    if [ -f ${fname} ]; then
        if [ ${RET} -eq 3 ]; then
            RET=0
            OUT="OK"
        fi
        ${tool} --quiet ${STRICT} --check ${fname} 1>>${tmp_out} 2>>${tmp_err}
        err=$?

        if [ ${err} -gt 0 ]; then
            RET=2
            OUT="CRITICAL"
        fi
    fi
done

if [ $RET -eq 0 ]; then
    echo "OK - all checksums verified | failed=0;1;1;0;"
else
    echo -n "${OUT} - "
    sed 's,WARNING: ,,' ${tmp_err} | tr '\n' '/'  | sed 's,/$,,'
    echo
    cat ${tmp_out}
    count=`wc -l ${tmp_out}  | awk '{print $1}'`
    echo "| failed=${count};1;1;0;"
    /usr/bin/logger -p user.err -t check_checksums -f ${tmp_out}
fi
rm -f ${tmp_out} ${tmp_err}

exit ${RET}