Find out if file has changed
Michael, by "changed", are you asking if the file has been touched (i.e. datestamp is newer), or are you asking if the content is different?
If the former, you can test this with find
or test
. For example, in shell:
#!/bin/shtouch file1sleep 1touch file2if [ "file1" -nt "file2" ]; then echo "This will never be seen."else echo "Sure enough, file1 is older."fi
If what you're looking for is a test of the contents, then your operating system probably includes something that will test the hash of a file.
[ghoti@pc ~]$ date > testfile[ghoti@pc ~]$ md5 testfileMD5 (testfile) = 1b2faf8be02641f37e6d87b15444417d[ghoti@pc ~]$ cksum testfile3778116869 29 testfile[ghoti@pc ~]$ sha1 testfile SHA1 (testfile) = 5f4076a3828bc23a050be4867549996180c2a09a[ghoti@pc ~]$ sha256 testfileSHA256 (testfile) = f083afc28880319bc31417c08344d6160356d0f449f572e78b343772dcaa72aa[ghoti@pc ~]$
I'm in FreeBSD. If you're in Linux, then you probably have "md5sum" instead of "md5".
To put this into a script, you'd need to walk through your list of files, store their hashes, then have a mechanism to test current files against their stored hashes. This is easy enough to script:
[ghoti@pc ~]$ find /bin -type f -exec md5 {} \; > /tmp/md5list[ghoti@pc ~]$ head -5 /tmp/md5listMD5 (/bin/uuidgen) = 5aa7621056ee5e7f1fe26d8abb750e7aMD5 (/bin/pax) = 7baf4514814f79c1ff6e5195daadc1feMD5 (/bin/cat) = f1401b32ed46802735769ec99963a322MD5 (/bin/echo) = 5a06125f527c7896806fc3e1f6f9f334MD5 (/bin/rcp) = 84d96f7e196c10692d5598a06968b0a5
You can store this (instead of /bin run it against whatever's important, perhaps /
) in a predictable location, then write a quick script to check a file against the hash:
#!/bin/shsumfile=/tmp/md5listif [ -z "$1" -o ! -f "$1" ]; then echo "I need a file." exit 1elif ! grep -q "($1)" $sumfile; then echo "ERROR: Unknown file: $1." exit 1finewsum="`md5 $1`"if grep -q "$newsum" $sumfile; then echo "$1 matches"else echo "$1 IS MODIFIED"fi
This kind of script is what tools like tripwire provide.