Shell monitoring linux system file changes

Using the shell to monitor whether the files commonly used by the Linux system have been changed when the system is compromised, such as the common /etc/passwd command top, ps, etc.

#!/bin/bashEMAIL_TO=" [email protected]" #发人Email addressEMAIL_TO_B="[email protected]" #收人邮箱地址statfile="" #文件原状态, directory location definition file_command="" #Command File, directory location definition, there are commands, one command per line, such as top psfile_system="" #system files, directory location definition, one file path, such as /etc/passwdrm -f ${statfile}while [ ,null,null,3],Ture ]doif [ ! -f ${statfile} ];thentouch ${statfile} file1=`(cat ${file_command})`for i in ${file1};docmmond=`which $i`stat1=`md5sum ${ Cmmond}