Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

script to verify MD5 of files on Windows 2008 R2 & RHEL/Suse Linux

Posted on 2014-07-28
6
Medium Priority
?
1,059 Views
Last Modified: 2014-08-08
Our customer's governance requested for scripts to be written to scan
files on servers & I think it's to ensure files are sane / not corrupted
/not tampered with.

To quote what they requested:

"The purpose is to see if there is any match from scanned files to MD5 hashes.

1) Management cluster systems (including OS like Windows 2008 R2, RHEL 5.x/6.x, Solaris x86)

2) Management consoles"

Can anyone write / provide the scripts?  Ideally don't need to install any
additional binaries (eg: compiler/interpreter) but just run on the native
OS (eg: Windows batch or PowerShell or VB scripts, Linux Shell/Perl)
0
Comment
Question by:sunhux
  • 3
  • 2
6 Comments
 
LVL 29

Assisted Solution

by:Jan Springer
Jan Springer earned 1100 total points
ID: 40226903
on the linux side, you would use a bash script:

#!/bin/bash
/usr/bin/md5sum FILENAME > FILENAME.md5

When the same command is run on the Windows side and the two FILENAME.md5 are compared, they should be identical.
0
 
LVL 38

Assisted Solution

by:Gerwin Jansen, EE MVE
Gerwin Jansen, EE MVE earned 900 total points
ID: 40230530
>> I think it's to ensure files are sane / not corrupted /not tampered with.
That is what MD5 hashes can be used for, yes.

Without installing anything, you could use PsFCIV (PowerShell version of legacy FCIV.exe).

You can user PsFCIV to validate a set of files that have their hashes stored in an XML database.

Ref: http://gallery.technet.microsoft.com/PowerShell-File-Checksum-e57dcd67
0
 

Author Comment

by:sunhux
ID: 40241801
Thanks Jesper for the Linux solution & Gerwin for Windows.

If a file (say a logfile or a Windows .evtx event logfile) is
constantly being updated, do both the checksums methods
above report files are corrupted or files are intact?

Another example is when a password file or database is
updated in a non-malicious or an authorized manner
(say by the OS or an app), checksum should not report
it as being 'tampered with', right?



From the link Gerwin provided, I have 2 queries:

> Start-PsFCIV -Path C:\tmp -XML DB.XML
Does the above create an initial xml database
storing checksums of all files?

> Checks all files in C:\tmp folder by using SHA1 hash algorithm.
> Start-PsFCIV -Path C:\tmp -XML DB.XML -HashAlgorithm SHA1, SHA256, SHA512 -Recurse
Why does the above uses 3 algorithms ie ShA1, SHA256 & SHA512?
Isn't is enough to just specify 1 algo rather than 3?  Or using 3
is more reliable in detecting if file(s) are being tampered with?
0
Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

 
LVL 29

Accepted Solution

by:
Jan Springer earned 1100 total points
ID: 40241821
an md5 checksum validates (within reason) the contents of a file and that when comparing a later copy that should be the same -- that it is.

it doesn't identify the status (good or corrupt) of a file -- it just says that it's the same.

if you read up on md5, you will see that changes can be made to a file and still get the same hash.

but, for what you're doing, an md5 compare that the file is the same should be okay.

the only reason that i can see for using multiple algorithms is to prevent a false positive (that the files are the same).  more of an audit point.  you just won't necessarily have all options on all operating systems which is why i end up with md5 between linux and windows.
0
 
LVL 38

Assisted Solution

by:Gerwin Jansen, EE MVE
Gerwin Jansen, EE MVE earned 900 total points
ID: 40243246
> Start-PsFCIV -Path C:\tmp -XML DB.XML
Does the above create an initial xml database
storing checksums of all files?


-> When you run the command first time, it creates XML database file for specified folder or folders.
0
 
LVL 38

Expert Comment

by:Gerwin Jansen, EE MVE
ID: 40243247
>> Why does the above uses 3 algorithms ie ShA1, SHA256 & SHA512?
Why do you want 3 algorithms? Just choose 1 I would say.
0

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this post, I will showcase the steps for how to create groups in Office 365. Office 365 groups allow for ease of flexibility and collaboration between staff members.
Transferring FSMO roles is done when an admin wants to split roles between certain Domain Controllers or the Domain Controller holding the Roles has been forcefully demoted using dcpromo / forceremoval
The viewer will learn how to create and use a small PHP class to apply a watermark to an image. This video shows the viewer the setup for the PHP watermark as well as important coding language. Continue to Part 2 to learn the core code used in creat…
In this fourth video of the Xpdf series, we discuss and demonstrate the PDFinfo utility, which retrieves the contents of a PDF's Info Dictionary, as well as some other information, including the page count. We show how to isolate the page count in a…
Suggested Courses

824 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question