2

I have a known good directory structure that I'd like to compare owner/group and permissions against another server and flag any files/folders that need to be changed. Since I won't have access to both servers at once, I'd like to script out the compare so it churns through the directory and outputs any inaccuracies into a file.

There was a script someone wrote in another question: find / -type d -printf "chmod %m %p \n" > reset_perms.sh that forced the permissions down. I'd like to compare and output the changes rather than force them down.

Can you help?

chris

3 Answers

4

There was a script someone wrote in another question: find / -type d -printf "chmod %m %p \n" > reset_perms.sh that forced the permissions down. I'd like to compare and output the changes rather than force them down.

Instead of printing out the commands to run to change permissions, simply adjust the printf to spit out the uid, gid, mode, and full path and send the output to a file. Then, as womble mentioned, use diff to compare the two files.

$ find / -printf "%U, %G, %m, %p\n" > permissions.txt

0, 0, 755, /bin
0, 0, 755, /bin/chgrp
0, 0, 755, /bin/tar
0, 0, 755, /bin/dir
0, 0, 777, /bin/sh
0, 0, 777, /bin/pidof
0, 0, 777, /bin/bzless
0, 0, 755, /bin/zgrep
...
Zoredache
2

Run ls -lR on both trees, and then use diff to compare.

womble
0

AIDE: Advanced Intrusion Detection Environment (AIDE) is a file integrity checker for UNIX operating systems. Its purpose is to provide reporting on the integrity of data on supported file systems. By running AIDE multiple times on the target host you can determine what files are changing. By running AIDE multiple times on different hosts you can determine what files and permissions are different.

Possible overkill. There are other file integrity checkers available.