File Check Hash Generator – Recursive Tripwire

finger pointing at security textYou can use this to check to see if anyone has modified, updated, upgraded, added, or removed any files on your system. After you’ve configured a system the way you want it, dump hash files for all the important directories, /etc, /bin, /usr/local, etc., or just dump the whole thing. Move the output to another system. Now if you want to check to see if something has changed, you can hash the file(s) in question and grep for the hash.

A directory like /etc has many subdirectories with subdirectories of their own – not a problem. When the script encounters a directory, it recursively calls itself so it will parse all child directories. Skipping special files should avoid the problem of probing char files, proc, and other gotchas. know it could be better. There’s things like pid files that are useless to hash.

This was just a quick stab at it. Feel free to adapt this to your own needs as you see fit.

Bash script:

md5sum=/usr/bin/md5sum # hash algorithm to use
indir=${1} # base input directory to start hashing files
outfile=${2} # full path of output file

if [ "${indir}" == "" -o "${outfile}" == "" ]; then
  echo "Usage: $0  "
  echo "  ex: $0 /etc /root/etc.hash"
  exit 1

for x in `ls "${indir}"`; do
  if [ -d ${indir}/$x ]; then # is a dir
    echo "[ Recursively hashing ${indir}/$x ]"
    $0 ${indir}/$x ${outfile} # pass new path in
    if [ $? != 0 ]; then # recursive call failed, die
      echo "Could not hash ${indir}/$x"
      exit 1
  else # is not a dir
    if [ -f ${indir}/$x ]; then # regular files only
      ${md5sum} "${indir}/$x" >> "${outfile}"

exit 0

VirtualBox can’t operate in VMX root mode

You might see this VirtualBox error when trying to start a virtual machine or create a new one.

VirtualBox can’t operate in VMX root mode. Please disable the KVM kernel extension, recompile your kernel and reboot.
VBox status code: -4011 (VERR_VMX_IN_VMX_ROOT_MODE).

Result Code:
IConsole {d5a1cbda-f5d7-4824-9afe-d640c94c7dcf}

But it’s an easy fix.

$ modprobe -l | grep kvm

Remove the modules.

$ sudo modprobe-r kvm-amd
$ sudo modprobe-r kvm-intel
$ sudo modprobe-r kvm

Remove them in that same order or else you’ll get this error:
FATAL: Module kvm is in use.

VirtualBox Black Logo BoxThe modules will reload when you reboot and you’ll probably forget about this little problem… try to run a VM… Virtualbox will complain, and then you’ll have to remove the modules all over again.

You could blacklist the modules so they don’t load automatically, or stop using the generic distribution kernel and compile your own, or go back to a pre 2.6.20 kernel since KVM was first added to 2.6.20 in February 2007. But more of a pain than it’s worth for a generic desktop system running a Fedora, Ubuntu, Debian, Arch, etc. distribution.

$ cd /etc/modprobe.d/
$ echo “kvm-amd” >> ./blacklist.conf
$ echo “kvm-intel” >> ./blacklist.conf
$ echo “kvm” >> ./blacklist.conf