[ale] File Integrity Check

[Mike Fletcher]

>>>>> "Russell" == Russell Enderby <Russell.Enderby at arris-i.com> writes:

    Russell> In pursuit of determining critical system files for
    Russell> modifications I was thinking the checksum prog 'sum'
    Russell> would be sufficient.  Understanding that time,date, and
    Russell> file size can be modified under the ext2fs/ufs directory
    Russell> table.  Is it possible to also make the 'sum' checksum
    Russell> appear to be correct?

        Yes, it is possible to pad a file such that the output of sum
is the same.

    Russell> I was under the impression tripwire uses its own special
    Russell> checksum prog to verify files, although would 'sum' be
    Russell> sufficient as well?  If not does anyone know of better
    Russell> more thorough checksum app?

        Tripwire uses (among others) MD5, which is a cryptographically 
secure one-way hash.  RedHat ships with a version /usr/bin/md5sum
that's in the textutils RPM, or you could install the Perl Digest::MD5 
module and use this:

--->8 Cut Here 8<---
#!/usr/bin/perl

use strict;

use FileHandle qw(:DEFAULT);
use MD5 ();

unless( scalar(@ARGV) > 0 ) {
  print STDERR "usage: $0 [file [file ...]]\n";
  exit 1;
}

my $md5 = MD5->new;
foreach( @ARGV ) {
  $md5->reset;

  my $cur = FileHandle->new( $_ );
  unless( $cur ) {
    print STDERR "Can't open $_: $!\n";
    next;
  }

  $md5->addfile( $cur );

  print "MD5 ($_) = ", $md5->hexdigest, "\n";
}

exit 0;
__END__
--->8 Cut Here 8<---


-- 
Fletch                | "If you find my answers frightening,       __`'/|
fletch at phydeaux.org   |  Vincent, you should cease askin'          \ o.O'
678 443-6239(w)       |  scary questions." -- Jules                =(___)=
                      |                                               U