FIM.ps1
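Function Calculate-FileChecksum($filePath) {
    <#
    .SYNOPSIS
    Computes the SHA-512 hash of one file.
    .PARAMETER filePath
    Path of the file to hash. The value is used literally, never as a wildcard pattern.
    .OUTPUTS
    The object produced by Get-FileHash (its Path and Hash properties are what the
    rest of the script reads). When Get-FileHash cannot read the file it reports an
    error and produces no object, so callers should be prepared for an empty result.
    #>
    # -LiteralPath: a name such as "report[1].txt" must be hashed as exactly that
    # file. With -Path the brackets are a wildcard set, so the file would either be
    # skipped or a different file ("report1.txt") would be hashed in its place.
    return Get-FileHash -LiteralPath $filePath -Algorithm SHA512
}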
Function RemoveExistingBaseline() {
    # Deletes .\baseline.txt when it is present and does nothing otherwise.
    # The path is relative, so it resolves against the current location of the
    # session, not against the folder the script file lives in.
    if (Test-Path -Path .\baseline.txt) {
        Remove-Item -Path .\baseline.txt
    }
}
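Function CreateBackup($filePath) {
    <#
    .SYNOPSIS
    Copies a file into .\Backups under a timestamp-prefixed name.
    .PARAMETER filePath
    Path of the file to copy. The value is used literally, never as a wildcard pattern.
    .NOTES
    The copy captures the file as it is at the moment of the call. .\Backups is
    relative to the current location and is created on first use.
    #>
    $backupFolder = ".\Backups"
    $timestamp = Get-Date -Format "yyyyMMddHHmmss"
    $leafName = Split-Path -Path $filePath -Leaf
    $backupPath = Join-Path -Path $backupFolder -ChildPath "$timestamp-$leafName"

    if (-not (Test-Path -LiteralPath $backupFolder)) {
        New-Item -Path $backupFolder -ItemType Directory | Out-Null
    }

    # -LiteralPath: with -Path, brackets in the name are a wildcard set; a pattern
    # that matches nothing copies nothing and raises no error, so the success
    # message used to be printed for a backup that was never written.
    Copy-Item -LiteralPath $filePath -Destination $backupPath

    # Report success only when the copy is really on disk.
    if (Test-Path -LiteralPath $backupPath) {
        Write-Host "Backup created: $backupPath" -ForegroundColor Cyan
    }
    else {
        Write-Warning "Backup of $filePath was not created."
    }
}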
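# Interactive entry point.
#   A) record a SHA-512 baseline of the files directly inside .\Files
#   B) poll .\Files once per second and report created, changed and deleted files
#      against the saved baseline
# .\Files, .\baseline.txt and .\Backups are all relative to the current location,
# so the script has to be started from the same directory every time.
# NOTE(review): baseline.txt is plain text with no integrity protection of its own.
# Whoever can write to it can make a modified file look unchanged, so it should be
# kept where the accounts that can write to .\Files cannot modify it.
# NOTE(review): alerts go to the console only (Write-Host); nothing is logged.
Write-Host ""
Write-Host "What would you like to do?"
Write-Host ""
Write-Host " A) Collect new Baseline?"
Write-Host " B) Begin monitoring files with saved Baseline?"
Write-Host ""
$response = Read-Host -Prompt "Please enter 'A' or 'B'"
Write-Host ""

# Normalise the answer itself (the original upper-cased the literal instead) and
# tolerate stray whitespace around it.
$choice = "$response".Trim().ToUpper()

if ($choice -eq "A") {
    # Start from an empty baseline.
    RemoveExistingBaseline

    # -File: only files can be hashed. A sub-folder used to yield no hash and a
    # bare "|" line in baseline.txt. The listing is not recursive, so files inside
    # sub-folders of .\Files are not covered.
    $targetFiles = Get-ChildItem -Path .\Files -File

    foreach ($file in $targetFiles) {
        $checksum = Calculate-FileChecksum $file.FullName
        if ($null -eq $checksum) {
            # Unreadable (for example locked) file: say so rather than writing an empty entry.
            Write-Warning "Could not hash $($file.FullName); it is not in the baseline."
            continue
        }
        Add-Content -Path .\baseline.txt -Value "$($checksum.Path)|$($checksum.Hash)"
    }
    Write-Host "Baseline created successfully." -ForegroundColor Green
}
elseif ($choice -eq "B") {
    $baselineFile = ".\baseline.txt"
    if (-not (Test-Path -Path $baselineFile)) {
        Write-Host "Baseline file not found. Please create a baseline first (option A)." -ForegroundColor Yellow
        Exit
    }

    # Load "path|hash" lines. Anything that is not a path followed by a 128-digit
    # hex SHA-512 value is reported and skipped; that includes blank lines and the
    # "<path>_Notified|True" lines that earlier runs of this script could write.
    $baselineChecksums = @{}
    foreach ($fileInfo in (Get-Content -Path $baselineFile)) {
        $fields = $fileInfo.Split("|")
        if ($fields.Count -ne 2 -or $fields[0] -eq "" -or $fields[1] -notmatch '^[0-9A-Fa-f]{128}$') {
            Write-Warning "Ignoring malformed baseline entry: $fileInfo"
            continue
        }
        $baselineChecksums[$fields[0]] = $fields[1]
    }

    # Hash most recently reported as changed, per path. It lives in its own table:
    # when the markers shared the baseline table they were written to baseline.txt
    # on the next deletion, and a file whose name ends in "_Notified" was never
    # checked for deletion.
    $reportedChanges = @{}

    # Begin continuously monitoring files with saved baseline
    while ($true) {
        Start-Sleep -Seconds 1
        $currentFiles = Get-ChildItem -Path .\Files -File

        foreach ($file in $currentFiles) {
            $currentChecksum = Calculate-FileChecksum $file.FullName
            if ($null -eq $currentChecksum) {
                # Locked, or removed between listing and hashing; Get-FileHash has
                # already reported the error. Try again on the next pass.
                continue
            }
            $path = $currentChecksum.Path
            $hash = $currentChecksum.Hash

            if (-not $baselineChecksums.ContainsKey($path)) {
                # New file: alert, keep a copy, and add it to the baseline.
                # NOTE(review): from here on the file counts as known, so this single
                # console line is the only record that it appeared after baselining.
                Write-Host "$path has been created!" -ForegroundColor Green
                $baselineChecksums[$path] = $hash
                CreateBackup $path
                Add-Content -Path $baselineFile -Value "${path}|${hash}"
            }
            elseif ($baselineChecksums[$path] -ne $hash) {
                # Changed file: alert once per distinct content, so a second
                # modification is reported too instead of being suppressed forever.
                if ($reportedChanges[$path] -ne $hash) {
                    Write-Host "$path has changed!!!" -ForegroundColor Yellow
                    $reportedChanges[$path] = $hash
                }
            }
            else {
                # Content matches the baseline again; a later change alerts afresh.
                $reportedChanges.Remove($path)
            }
        }

        # Check for deleted files. The key list is copied first because entries are
        # removed from the table inside the loop.
        foreach ($baselinePath in @($baselineChecksums.Keys)) {
            if (-not (Test-Path -LiteralPath $baselinePath)) {
                Write-Host "$($baselinePath) has been deleted!" -ForegroundColor DarkRed -BackgroundColor Gray
                # Update baseline
                $baselineChecksums.Remove($baselinePath)
                $reportedChanges.Remove($baselinePath)
                Set-Content -Path $baselineFile -Value @($baselineChecksums.GetEnumerator() | ForEach-Object { "$($_.Key)|$($_.Value)" })
            }
        }
    }
}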