If the purpose of such a sensor would be check if a file has been changed, we've created a sensor to check a file against a static hash in order to tell if its content has been touched.
The script uses PowerShell to check files on Windows systems via CIFS share.
Maybe the script can provide a basis for a sensor for your purpose:
param (
[string]$share = $(throw "-share missing"),
[string]$path = $(throw "-path missing"),
[string]$hash = $(throw "-hash missing"),
[string]$user = "",
[string]$pass = "",
[string]$algo = "SHA256"
)
$ret = 0
try
{
$pw = ConvertTo-SecureString $pass -AsPlainText -Force
$cred = New-Object System.Management.Automation.PSCredential($user, $pw)
$null = New-PSDrive -Name tmp_hashcmp -PSProvider FileSystem -Root $share -Credential $cred
}
catch
{
Write-Host "<prtg><error>1</error><text>"$_.Exception.Message"</text></prtg>"
Return
}
$filepath = $share + "\" + $path
$filehash = (Get-FileHash -Algorithm $algo $filepath).Hash
Remove-PSDrive -Name tmp_hashcmp
if ($filehash -eq $hash)
{
$ret = 1
$msg = "File hash matches expected value"
}
else
{
$msg = "File hash is '" + $filehash + "', expected '" + $hash + "'"
}
Write-Host "<prtg><result><channel>"$path"</channel><value>"$ret"</value><valuelookup>prtg.ages.filehash.matchok</valuelookup></result><text>"$msg"</text></prtg>"
Add comment