As part of bootup I validate the MBR (dd the first 512 bytes from the partition grub4dos is installed on, and compare that to a pre-recorded version), grldr, vmlinuz, menu.lst and fd64.sfs, using either comparisons to known versions' md5sums (for the larger files), or simple comparison to backup copies of those files (for the smaller files). That way any tampering (intrusion detection) gets flagged at bootup (I run the intrusion detection script in ~/Startup).
A changing save file, however, is more involved. Ultimately I'll be recording an md5sum for that; however, in the interim, so far my code looks like ...
# compare only partially: ls -laR fields with a ninth value, i.e. actual files
# excluding . and .. files (current directory and parent directory pointers)
# and we don't look at timestamp/date, only ownership, permissions, size and filenames
# We do pick up if files have been removed or added
mkdir /tmp/a /tmp/b
mount fd64save.ext3 /tmp/a
mount fd64save.ext3.bak /tmp/b
ls -laR /tmp/a | awk '{if(($9)&&($9!=".")&&($9!="..")){print $0}}' | awk '{print $1, $2, $3, $4, $5, $9}' | sort >/tmp/a.lst
ls -laR /tmp/b | awk '{if(($9)&&($9!=".")&&($9!="..")){print $0}}' | awk '{print $1, $2, $3, $4, $5, $9}' | sort >/tmp/b.lst
D=$(diff /tmp/a.lst /tmp/b.lst)
if [ -n "$D" ]; then
    echo "warning fd64save.ext3 suspect"
    OK=0
fi
rm /tmp/a.lst /tmp/b.lst
umount /tmp/a /tmp/b
rmdir /tmp/a /tmp/b
My question is, is there another easier way that others might be using or might suggest? I.e. how do others go about validating a save file as having been unchanged/the same, when the save file changes even if you don't save during a session?
TIA.
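
An added example (not part of the original post): a content-aware version of the comparison above, which goes beyond the `ls -laR` listing by hashing every regular file so that a same-size modification is also caught. The function names `tree_manifest` and `compare_trees` are hypothetical, and it assumes GNU or BusyBox `stat`, `md5sum` and `diff` and file names without newlines.

```shell
#!/bin/sh
# Added example, not the poster's code. Compares two mounted trees by
# permissions, owner, group, size and content hash, ignoring timestamps.
# md5sum is used because the post uses it; sha256sum is a drop-in replacement.

# Print one sorted line per entry under DIR: mode owner group size hash path.
tree_manifest() {
    ( cd "$1" || exit 1
      find . ! -path . -exec sh -c '
          for f; do
              meta=$(stat -c "%A %U %G" "$f") || exit 1
              if [ -f "$f" ] && [ ! -L "$f" ]; then
                  size=$(stat -c "%s" "$f")
                  sum=$(md5sum < "$f" | cut -d" " -f1)
              else
                  # directories, symlinks, devices: no size or content hash
                  size=-
                  sum=-
              fi
              printf "%s %s %s %s\n" "$meta" "$size" "$sum" "$f"
          done' sh {} + | LC_ALL=C sort )
}

# Return 0 when both trees match; otherwise print the differing manifest
# lines and return 1. Returns 2 if a tree cannot be read.
compare_trees() {
    tmp=$(mktemp -d) || return 2
    tree_manifest "$1" > "$tmp/a.lst" || { rm -rf "$tmp"; return 2; }
    tree_manifest "$2" > "$tmp/b.lst" || { rm -rf "$tmp"; return 2; }
    rc=0
    diff "$tmp/a.lst" "$tmp/b.lst" || rc=$?
    rm -rf "$tmp"
    return "$rc"
}

# Usage with the mount points from the post, after both images are mounted:
#   compare_trees /tmp/a /tmp/b || { echo "warning fd64save.ext3 suspect"; OK=0; }
```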