Posted by: Troy Tate
automated reporting, automation, batch file, change monitoring, email report, file hashing, file integrity monitoring, hash, hashing
I recently had a task to monitor some file folders for changes and report when files were changed. The only reporting requirement was a daily notification of whether files had changed and which ones. There was no requirement to track who made the changes, because access to the folders is limited; that would have complicated matters some. I was able to design a quick and easy solution using a hashing utility called hashdeep (a nice public domain utility) and another utility called blat to send the reports.
I set up three batch files for this purpose and used the Windows scheduler to automate the tasks.
The first batch file was called filehash.bat and had the following lines:
hashdeep.exe -r e:\sourcefolder\*.* > e:\FilehashSum.txt
This needs to run first to set a baseline of file hashing information. It creates a text file with the MD5 and SHA-1 hashes of all files recursively under e:\sourcefolder. You need to make sure that hashdeep.exe is on your application search path.
After the desired period of waiting, I then ran filecheck.bat which looked like:
hashdeep.exe -r -vvv -a -k e:\FilehashSum.txt e:\sourcefolder\*.*>FileChanges.txt
This compared the values in the FilehashSum.txt file with the current files in the e:\sourcefolder location and put the very very verbose (-vvv) results into a file called FileChanges.txt.
The third part of the process is sending the file change report to an administrator or whoever is interested in tracking the changes. That third batch file is called blat-report.bat and looks like:
set body=FileChanges.txt
set addr=admin@example.com
set subj="Server Sourcefolder file change report on %date% at %time%"
blat -bodyf %body% -to %addr% -subject %subj%
The admin will receive a detailed report showing which files have NOT changed as well as those which have been changed. The schedule I set up for this is:
filecheck.bat – 11:50 PM
blat-report.bat – 12:01 AM
filehash.bat – 12:30 AM
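The report described above lists unchanged files along with changed ones. As an added example (not part of the original post), this Python sketch reads a hashdeep baseline and returns only the differences. It assumes the baseline's column header line has the form `%%%% size,md5,sha256,filename`; the function names and sample files are hypothetical and constructed for the demonstration.

```python
import hashlib
import os
import tempfile

def parse_baseline(text):
    """Return (algorithms, {path: record}) from a hashdeep baseline file."""
    cols, known = [], {}
    for line in text.splitlines():
        if line.startswith("%%%% size,"):        # column header (assumed format)
            cols = line[5:].strip().split(",")
        elif cols and line.strip() and not line.startswith(("%%%%", "##")):
            # The file name is the last column and may itself contain commas.
            rec = dict(zip(cols, line.split(",", len(cols) - 1)))
            known[os.path.normcase(rec.pop("filename"))] = rec
    return [c for c in cols if c not in ("size", "filename")], known

def hash_file(path, algos):
    hashers = {a: hashlib.new(a) for a in algos}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            for h in hashers.values():
                h.update(chunk)
    return {a: h.hexdigest() for a, h in hashers.items()}

def audit(algos, known, root):
    """Compare files under root with the baseline; return differences only."""
    found = {os.path.normcase(os.path.join(d, n))
             for d, _, names in os.walk(root) for n in names}
    changed = [f for f in found & set(known)
               if hash_file(f, algos) != {a: known[f][a] for a in algos}]
    return {"changed": sorted(changed), "new": sorted(found - set(known)),
            "missing": sorted(set(known) - found)}

def demo():
    """Constructed sample: baseline three files, then edit, delete and add."""
    root = tempfile.mkdtemp()
    p = lambda n: os.path.join(root, n)
    lines = ["%%%% HASHDEEP-1.0", "%%%% size,md5,sha256,filename", "## constructed"]
    for n in ("a.txt", "b,1.txt", "c.txt"):
        with open(p(n), "w") as fh:
            fh.write("original " + n)
        h = hash_file(p(n), ["md5", "sha256"])
        lines.append(f"{os.path.getsize(p(n))},{h['md5']},{h['sha256']},{p(n)}")
    with open(p("b,1.txt"), "a") as fh:
        fh.write(" tampered")
    os.remove(p("c.txt"))
    open(p("d.txt"), "w").close()
    rep = audit(*parse_baseline("\n".join(lines)), root)
    return {k: [os.path.basename(f) for f in v] for k, v in rep.items()}
```

Only algorithms that Python's hashlib provides can be rechecked this way, and paths are matched exactly as recorded in the baseline (case-folded on Windows).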
Hopefully this will help you with monitoring files or folders in a quick and simple way. I know that this is a PCI requirement and there are many solutions out there. This tip is here to help you understand some of what might be happening in your file/folder environment at no cost.
Share with other ITKE readers what you use for file/folder change monitoring. Your advice/insights are much appreciated! Thanks for reading and let’s continue to be good network citizens.