Solved

script to verify MD5 of files on Windows 2008 R2 & RHEL/Suse Linux

Posted on 2014-07-28
6
942 Views
Last Modified: 2014-08-08
Our customer's governance requested for scripts to be written to scan
files on servers & I think it's to ensure files are sane / not corrupted
/not tampered with.

To quote what they requested:

"The purpose is to see if there is any match from scanned files to MD5 hashes.

1) Management cluster systems (including OS like Windows 2008 R2, RHEL 5.x/6.x, Solaris x86)

2) Management consoles"

Can anyone write / provide the scripts?  Ideally don't need to install any
additional binaries (eg: compiler/interpreter) but just run on the native
OS (eg: Windows batch or PowerShell or VB scripts, Linux Shell/Perl)
0
Comment
Question by:sunhux
  • 3
  • 2
6 Comments
 
LVL 28

Assisted Solution

by:Jan Springer
Jan Springer earned 275 total points
ID: 40226903
on the linux side, you would use a bash script:

#!/bin/bash
/usr/bin/md5sum FILENAME > FILENAME.md5

When the same command is run on the Windows side and the two FILENAME.md5 are compared, they should be identical.
0
 
LVL 37

Assisted Solution

by:Gerwin Jansen, EE MVE
Gerwin Jansen, EE MVE earned 225 total points
ID: 40230530
>> I think it's to ensure files are sane / not corrupted /not tampered with.
That is what MD5 hashes can be used for, yes.

Without installing anything, you could use PsFCIV (PowerShell version of legacy FCIV.exe).

You can user PsFCIV to validate a set of files that have their hashes stored in an XML database.

Ref: http://gallery.technet.microsoft.com/PowerShell-File-Checksum-e57dcd67
0
 

Author Comment

by:sunhux
ID: 40241801
Thanks Jesper for the Linux solution & Gerwin for Windows.

If a file (say a logfile or a Windows .evtx event logfile) is
constantly being updated, do both the checksums methods
above report files are corrupted or files are intact?

Another example is when a password file or database is
updated in a non-malicious or an authorized manner
(say by the OS or an app), checksum should not report
it as being 'tampered with', right?



From the link Gerwin provided, I have 2 queries:

> Start-PsFCIV -Path C:\tmp -XML DB.XML
Does the above create an initial xml database
storing checksums of all files?

> Checks all files in C:\tmp folder by using SHA1 hash algorithm.
> Start-PsFCIV -Path C:\tmp -XML DB.XML -HashAlgorithm SHA1, SHA256, SHA512 -Recurse
Why does the above uses 3 algorithms ie ShA1, SHA256 & SHA512?
Isn't is enough to just specify 1 algo rather than 3?  Or using 3
is more reliable in detecting if file(s) are being tampered with?
0
Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
LVL 28

Accepted Solution

by:
Jan Springer earned 275 total points
ID: 40241821
an md5 checksum validates (within reason) the contents of a file and that when comparing a later copy that should be the same -- that it is.

it doesn't identify the status (good or corrupt) of a file -- it just says that it's the same.

if you read up on md5, you will see that changes can be made to a file and still get the same hash.

but, for what you're doing, an md5 compare that the file is the same should be okay.

the only reason that i can see for using multiple algorithms is to prevent a false positive (that the files are the same).  more of an audit point.  you just won't necessarily have all options on all operating systems which is why i end up with md5 between linux and windows.
0
 
LVL 37

Assisted Solution

by:Gerwin Jansen, EE MVE
Gerwin Jansen, EE MVE earned 225 total points
ID: 40243246
> Start-PsFCIV -Path C:\tmp -XML DB.XML
Does the above create an initial xml database
storing checksums of all files?


-> When you run the command first time, it creates XML database file for specified folder or folders.
0
 
LVL 37

Expert Comment

by:Gerwin Jansen, EE MVE
ID: 40243247
>> Why does the above uses 3 algorithms ie ShA1, SHA256 & SHA512?
Why do you want 3 algorithms? Just choose 1 I would say.
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This script checks a path to see if a folder exists. If the folder does exist you will get output "The folder has previously been created. No action taken" If not it will create the folder. Then adds one user modify permission to the folder. It …
Microsoft Windows Server Update Service (WSUS) is free for everyone, but it lacks of some desirable features like send an e-mail to the administrator with the status of all computers on the WSUS server. This article is based on my PowerShell script …
Learn the basics of lists in Python. Lists, as their name suggests, are a means for ordering and storing values. : Lists are declared using brackets; for example: t = [1, 2, 3]: Lists may contain a mix of data types; for example: t = ['string', 1, T…
Learn how to match and substitute tagged data using PHP regular expressions. Demonstrated on Windows 7, but also applies to other operating systems. Demonstrated technique applies to PHP (all versions) and Firefox, but very similar techniques will w…

778 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question