#1 2009-10-17 23:58:59

byte
Member
From: Düsseldorf (DE)
Registered: 2006-05-01
Posts: 2,046

syscheck: a general housekeeping script

I wanted to clean up my Arch boxes and unify a few configs, so I hacked together this script in the last two days.
Spares me some time by doing stuff I had done manually before, like diff'ing config files, managing .pacnew files and so on.
This is probably as complex as you can get, without managing your /etc with Git.

#! /bin/bash

# byte/jra
# a script to keep track of various sorts of system modifications
# (rather hackish, probably unsafe file handling, but still useful)

# search path
P=('/boot' '/etc')

# output files naming scheme
LOG="$(hostname)-$(date +%Y%m%d)"

# 3rd line in this script is the universal "I was here" tag to use in new files
TAG="$(sed -n '3p' "$0")"

# here be dragons ...
cd /root || exit 1

# make sure /boot is mounted ('noauto' in my fstab)
mount /boot 2>/dev/null

# first, check if all files of the installed packages are still there
pacman -Qqk >"${LOG}"_lostfile

# make a list of modified config files; this assumes you made a backup copy
# (*_orig) of the originally packaged config before your first edit!
find "${P[@]}" -name '*_orig' | sed 's/_orig$//' | sort >"${LOG}"_edit

# make a diff of the modifications
: >"${LOG}".diff
# read the list line by line so paths containing whitespace stay intact
while IFS= read -r F; do
  diff -U0 "${F}"_orig "${F}" >>"${LOG}".diff
done <"${LOG}"_edit

# here we're looking for self-created config files with a tag inside
grep -FRls "${TAG}" "${P[@]}" >"${LOG}"_self

# find config files which have an original backup *and* a tag (bad)
sort "${LOG}"_{edit,self} | uniq -d >"${LOG}"_tagdouble

# search modified configs without proper original backup (also bad);
# you could temporarily rename those files and reinstall the package
# in order to get the original config
LANG=C pacman -Qii | grep MODIFIED | cut -c10- | sort >"${LOG}"_p
diff "${LOG}"_edit "${LOG}"_p | grep '^>' | cut -c3- >"${LOG}"_missingorig
rm -f "${LOG}"_p

# now check the other way round -- is my *_orig backup genuine?
: >"${LOG}"_falseorig
while IFS= read -r F; do
  # the md5 of the backup must appear in the owning package's file list
  SUM="$(md5sum "${F}"_orig | cut -d' ' -f1)"
  if ! grep -q "${SUM}" /var/lib/pacman/local/"$(pacman -Qqo "${F}")"*/files; then
    echo "${F}" >>"${LOG}"_falseorig
  fi
done <"${LOG}"_edit

# what to do with *.pacnew files ...
# if it's identical to the *_orig backup, just remove it;
# otherwise, log the diffs first and then move it over
: >"${LOG}"_pacnew.diff
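find "${P[@]}" -name '*.pacnew' | while IFS= read -r PN; do
  # strip only the trailing .pacnew to get the name of the backup
  ORIG="${PN%.pacnew}_orig"
  # cmp -s prints nothing; only its exit status is tested
  if cmp -s "${PN}" "${ORIG}"; then
    rm -f "${PN}"
  else
    diff -U0 "${ORIG}" "${PN}" >>"${LOG}"_pacnew.diff
    mv -f "${PN}" "${ORIG}"
  fi
done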

# search files in mostly static paths that are not tracked by pacman
find /bin /boot /etc /lib /opt /sbin /usr | sort >"${LOG}"_f
pacman -Qql | sed 's,/$,,' | sort -u >"${LOG}"_p
diff "${LOG}"_f "${LOG}"_p | grep '^<' | cut -c3- >"${LOG}"_untracked
rm -f "${LOG}"_[fp]

umount /boot 2>/dev/null

# The End -- now check the output files and keep your $EDITOR ready  :)
#
# TODO:
# - compare checksums/timestamps/permissions/ownership of the filesystem
#   contents with the packages (prerequisites: repo mirror / --verify, as RPM)
# - somehow act on the output files, like comparing them to previous runs and
#   pruning duplicates
#

Last edited by byte (2009-10-18 00:01:32)


1000

Offline

#2 2009-10-18 02:08:14

Chrysalis
Member
Registered: 2008-07-07
Posts: 155

Re: syscheck: a general housekeeping script

I don't get it ;/

How does this save you time?

Or is this meant just for logs?

Offline

#3 2009-10-18 02:18:08

byte
Member
From: Düsseldorf (DE)
Registered: 2006-05-01
Posts: 2,046

Re: syscheck: a general housekeeping script

Mainly for the logs, yes. I intend to run it through cron.weekly, and just by looking at the file sizes I can see when something changed (that I missed; usually I act on .pacnew warnings immediately).
After going through the results for two quite different machines (non-[testing] GNOME vs. [testing] KDE), I'd say that after the initial cleanup (stray config files, stuff in /usr/local etc.) there's not much left to do afterwards.


1000

Offline
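
The TODO item about comparing the output files with previous runs, and the weekly cron use described in post #3, could be handled as in this added example (not byte's code). It assumes all runs accumulate in one directory under the script's `$(hostname)-$(date +%Y%m%d)` naming scheme; the names `new_entries`, `report` and `SUFFIXES` are made up for illustration.

```shell
#!/bin/bash
# Added example, not part of byte's script: list the entries that are new in
# the latest syscheck run compared with the run before it.
# Assumes files named <hostname>-<YYYYMMDD><suffix>, all in one directory.

# List-type outputs only; the *.diff files are not one-path-per-line lists.
SUFFIXES='_lostfile _edit _self _tagdouble _missingorig _falseorig _untracked'

# new_entries DIR HOST SUFFIX -> prints lines found only in the newest file
new_entries() {
  local dir=$1 host=$2 suffix=$3 f latest='' prev=''
  # The date stamp is fixed-width digits, so glob order is chronological.
  for f in "$dir/$host"-[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]"$suffix"; do
    [ -f "$f" ] || continue             # unmatched glob stays literal
    prev=$latest
    latest=$f
  done
  [ -n "$latest" ] || return 0          # no run recorded yet
  if [ -z "$prev" ]; then
    cat "$latest"                       # first run: every entry counts as new
  else
    # Whole-line fixed-string match, inverted: keep lines absent from the
    # previous run. grep exits 1 when nothing is new, which is not an error.
    grep -Fxv -f "$prev" -- "$latest" || [ "$?" -eq 1 ]
  fi
}

# report DIR HOST -> "<suffix>: <entry>" for each new entry in each list
report() {
  local s line
  for s in $SUFFIXES; do
    new_entries "$1" "$2" "$s" | while IFS= read -r line; do
      printf '%s: %s\n' "$s" "$line"
    done
  done
}
```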
