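MD5 Checksum File Binary
--------------------------------
Author : Ph03n1X | king_purba@yahoo.co.uk
http://kandangjamur.net
http://kecoak-elektronik.net

Bash script untuk cek integritas file bineries di linux machine, digunakan untuk mendeteksi kemungkinan adanya backdoor berbasis file binary seperti SHV dan SSH backdoor.

---------------------- start script ----------------------
#!/usr/bin/env bash
# MD5 checksum for binary files.
#
# Case 1 ("$0 1"): asked for an output file name, inventories every regular
#   file under BIN_DIRS and writes one "<id> <md5> <path>" line per file,
#   ids counting up from 10000000. Run it once, right after installation.
# Case 2 ("$0 2"): expects that list saved as original.txt in the current
#   directory, re-hashes every listed path, and writes
#   "<path> = <md5> [OK]" / "[PROBABLY INFECTED]" / "[MISSING]" per file to
#   loginf.txt (and stdout). Run it from cron every 7 days.
#
# REMEMBER WORK ON LINUX with md5sum installed
# Tested in Fedora core 4 & Fedora core 5
#
# Things to keep in mind when relying on the result:
#   * The baseline list and this script live on the host being checked, so
#     anything already running as root there can rewrite both. Keep a copy
#     of the list (and the script) off-host or on read-only media.
#   * MD5 is kept so existing lists stay usable, but it is not collision
#     resistant; prefer a SHA-2 digest for a fresh baseline if the list
#     format can be changed.
#   * New files are only reported as a count mismatch, not individually.
#
# Bash is required (the original "#!/bin/sh" header used "let", which is
# not POSIX sh).

# Private copy of md5sum used for hashing. The original hard-codes
# /root/bin/md5sum, presumably so the check does not depend on the system
# md5sum being intact; override with MD5SUM=/path in the environment.
MD5SUM=${MD5SUM:-/root/bin/md5sum}

# Directories whose regular files are inventoried, in the order the
# original's cat-chain produced (last directory listed first), so that
# new baselines get the same ids as old ones.
BIN_DIRS=(/usr/local/sbin/ /usr/local/bin/ /usr/sbin/ /usr/bin/ /sbin/ /bin/)

# Baseline list read by case 2, relative to the current directory.
MD5=original.txt

# Report written by case 2, relative to the current directory.
LOGFILE=loginf.txt

# Scratch directory, created in main() and removed on exit. The original
# wrote bin.txt, sbin.txt, daftar.txt, ... into the current directory with
# fixed names and afterwards also deleted an unrelated "check.c" and
# "check" from it; this version touches nothing outside $WORKDIR except
# the list and log files named above.
WORKDIR=

#######################################
# List every regular file under BIN_DIRS, one path per line.
# Arguments: $1 - file to (over)write with the listing
# Outputs:   nothing on stdout; find errors go to stderr
#######################################
list_binaries() {
  local out=$1
  local d
  : > "$out"
  for d in "${BIN_DIRS[@]}"; do
    # A directory that does not exist on this host is simply skipped.
    [ -d "$d" ] || continue
    find "$d" -type f >> "$out"
  done
}

#######################################
# Print one result line to stdout and append it to $LOGFILE.
# Arguments: the line to report
#######################################
report() {
  printf '%s\n' "$*"
  printf '%s\n' "$*" >> "$LOGFILE"
}

#######################################
# Case 1: build the baseline list.
# Globals:   MD5SUM, WORKDIR (read)
# Outputs:   progress on stdout; "<id> <md5> <path>" lines to the file the
#            user names (created or truncated)
# Returns:   1 if no file name was given, else 0
#######################################
setup() {
  local read_name count line sum
  printf '%s' "Give file name first please (\"_) : "
  IFS= read -r read_name
  if [ -z "$read_name" ]; then
    echo "No file name given, nothing written" >&2
    return 1
  fi
  list_binaries "$WORKDIR/daftar.txt"
  count=10000000
  : > "$read_name"
  while IFS= read -r line; do
    echo "writing md5 of $line ..."
    # md5sum prints "<md5>  <path>"; keep only the digest so the written
    # line is exactly "<id> <md5> <path>" (the format case 2 parses).
    sum=$("$MD5SUM" "$line") || { echo "md5sum failed for $line" >&2; continue; }
    sum=${sum%% *}
    printf '%s %s %s\n' "$count" "$sum" "$line" >> "$read_name"
    count=$((count + 1))
  done < "$WORKDIR/daftar.txt"
}

#######################################
# Case 2: compare current digests against the baseline in $MD5.
# Globals:   MD5, MD5SUM, LOGFILE, WORKDIR (read)
# Outputs:   progress and per-file verdicts on stdout; verdicts to $LOGFILE
# Returns:   1 if $MD5 is unreadable or the file count changed, else 0
#######################################
md5cek() {
  local lena lenb count name sum line md5ori fileori status

  if [ ! -r "$MD5" ]; then
    echo "Cannot read original md5 list $MD5" >&2
    return 1
  fi

  echo "CREATING NEW MD5 CHECKSUM STARTING...."
  echo

  # Check the file count before hashing anything: the original hashed every
  # file first and then left with status 0, which hides the mismatch from
  # cron.
  list_binaries "$WORKDIR/daftar.txt"
  lena=$(wc -l < "$MD5")
  lenb=$(wc -l < "$WORKDIR/daftar.txt")
  if [ "$lena" -ne "$lenb" ]; then
    echo "Ada penambahan file yang belum dimasukkan ka original md5"
    echo "Saran : Silakan cari file 7 hari terakhir manggunakan find (jika dicron 7 hari)"
    echo "Example : find /sbin/ -mtime -7 -print"
    echo "Total file minggu ini $lenb"
    echo "Total file minggu lalu $lena"
    return 1
  fi

  # Re-hash every baseline path, recording "<id> <md5>". A file that can no
  # longer be hashed gets an empty digest instead of being dropped, which in
  # the original shifted every later digest against the wrong baseline line.
  : > "$WORKDIR/newenc.txt"
  while read -r count _ name; do
    [ -n "$name" ] || continue
    echo "New md5 checksum for $name"
    if sum=$("$MD5SUM" "$name" 2>/dev/null); then
      sum=${sum%% *}
    else
      sum=   # unreadable or deleted; reported as [MISSING] below
    fi
    printf '%s %s\n' "$count" "$sum" >> "$WORKDIR/newenc.txt"
  done < "$MD5"

  echo
  echo "CREATING NEW MD5 CHECKSUM IS FINISHED..!!"
  sleep 5
  echo
  echo "NOW CHECKING INFECTED FILES...!!"
  echo

  : > "$LOGFILE"
  while read -r count sum; do
    # Exact match on the id field. The original grepped the whole baseline
    # for the id, which also hits digits inside a digest or path and, on a
    # multiple hit, produced a multi-line value that never compared equal.
    line=$(awk -v id="$count" '$1 == id { print; exit }' "$MD5")
    read -r _ md5ori fileori <<< "$line"
    if [ -z "$sum" ]; then
      status='[MISSING]'
    elif [ "$sum" = "$md5ori" ]; then
      status='[OK]'
    else
      status='[PROBABLY INFECTED]'
    fi
    report "$fileori = $sum $status"
  done < "$WORKDIR/newenc.txt"

  echo
  echo "FINISHED CHECKING"
  echo "CHECK RESULT IN LOGINF.TXT FILE"
  echo
}

#######################################
# Print the help text shown when no case argument is given.
#######################################
usage() {
  echo
  echo "MD5 check to detect malware in your system"
  echo "This Lamme Tools is coded by LoneEagle"
  echo "http://kandangjamur.net || king_purba@yahoo.co.uk"
  echo "Usage : $0 "
  echo
  echo "case :"
  echo "1. Bikin file berisi list md5 dari file - file binaries"
  echo "2. Cek md5 file binaries sama ga dengan di list md5 qta"
  echo "Jalankan case 1 sesaat setelah installasi sistem"
  echo
}

#######################################
# Entry point: require root, dispatch on the case number in $1.
# Arguments: $1 - "1" (build baseline) or "2" (check)
#######################################
main() {
  # Root is needed to read every file under the inventoried directories.
  if [ "$(id -u)" -ne 0 ]; then
    echo "ANDA BUTUH ROOT PAK"
    echo ""
    exit 1
  fi
  if [ -z "${1-}" ]; then
    usage
    exit 0
  fi
  WORKDIR=$(mktemp -d) || { echo "mktemp failed" >&2; exit 1; }
  trap 'rm -rf -- "${WORKDIR:?}"' EXIT
  case "$1" in
    1) setup ;;
    2) md5cek ;;
    *)
      echo "WARNING : case salah!"
      echo
      ;;
  esac
}

main "$@"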