script to verify MD5 of files on Windows 2008 R2 & RHEL/Suse Linux

Our customer's governance requested scripts to be written to scan
files on servers & I think it's to ensure files are sane / not corrupted
/ not tampered with.

To quote what they requested:

"The purpose is to see if there is any match from scanned files to MD5 hashes.

1) Management cluster systems (including OS like Windows 2008 R2, RHEL 5.x/6.x, Solaris x86)

2) Management consoles"

Can anyone write / provide the scripts?  Ideally don't need to install any
additional binaries (eg: compiler/interpreter) but just run on the native
OS (eg: Windows batch or PowerShell or VB scripts, Linux Shell/Perl)
sunhux Asked:

Jan Springer Commented:
on the linux side, you would use a bash script:

#!/bin/bash
/usr/bin/md5sum FILENAME > FILENAME.md5

When the same command is run on the Windows side and the two FILENAME.md5 are compared, they should be identical.
0
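The md5sum command above handles one file; the request quoted in the question is to match scanned files against a set of MD5 hashes. The following is an added example, not part of the thread, that does that for a whole directory tree. `scan_for_hashes` and `KNOWN_LIST` are names made up here, and GNU md5sum, find and awk are assumed.

```shell
#!/bin/sh
# Added example, not from the thread. scan_for_hashes and KNOWN_LIST are
# names chosen here. Assumes GNU md5sum, find and awk (stock on RHEL/SUSE).

# scan_for_hashes DIR HASHLIST
# Prints "digest  path" for every regular file under DIR whose MD5 appears
# in HASHLIST (one hex digest per line; case and CRLF endings are tolerated).
# Usage: scan_for_hashes /opt/app known_md5.txt
scan_for_hashes() {
    find "$1" -xdev -type f -exec md5sum {} + 2>/dev/null |
    KNOWN_LIST="$2" awk '
        BEGIN {
            list = ENVIRON["KNOWN_LIST"]
            while ((getline h < list) > 0) {
                sub(/\r$/, "", h)
                h = tolower(h)
                # keep only well-formed 32-hex-digit entries
                if (length(h) == 32 && h ~ /^[0-9a-f]+$/) known[h] = 1
            }
            close(list)
        }
        {
            d = $1
            sub(/^\\/, "", d)   # md5sum prefixes "\" when it escapes a file name
        }
        d in known { print }
    '
}
```

The hash list is read once into memory, so each file is hashed once and the scan cost is dominated by reading the files.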
Gerwin Jansen, EE MVE, Topic Advisor Commented:
>> I think it's to ensure files are sane / not corrupted /not tampered with.
That is what MD5 hashes can be used for, yes.

Without installing anything, you could use PsFCIV (PowerShell version of legacy FCIV.exe).

You can use PsFCIV to validate a set of files that have their hashes stored in an XML database.

Ref: http://gallery.technet.microsoft.com/PowerShell-File-Checksum-e57dcd67
0
sunhux Author Commented:
Thanks Jesper for the Linux solution & Gerwin for Windows.

If a file (say a logfile or a Windows .evtx event logfile) is
constantly being updated, do both the checksum methods
above report files are corrupted or files are intact?

Another example is when a password file or database is
updated in a non-malicious or an authorized manner
(say by the OS or an app), checksum should not report
it as being 'tampered with', right?



From the link Gerwin provided, I have 2 queries:

> Start-PsFCIV -Path C:\tmp -XML DB.XML
Does the above create an initial xml database
storing checksums of all files?

> Checks all files in C:\tmp folder by using SHA1 hash algorithm.
> Start-PsFCIV -Path C:\tmp -XML DB.XML -HashAlgorithm SHA1, SHA256, SHA512 -Recurse
Why does the above use 3 algorithms, i.e. SHA1, SHA256 & SHA512?
Isn't it enough to just specify 1 algo rather than 3?  Or is using 3
more reliable in detecting if file(s) are being tampered with?
0
Jan Springer Commented:
an md5 checksum validates (within reason) the contents of a file and that when comparing a later copy that should be the same -- that it is.

it doesn't identify the status (good or corrupt) of a file -- it just says that it's the same.

if you read up on md5, you will see that changes can be made to a file and still get the same hash.

but, for what you're doing, an md5 compare that the file is the same should be okay.

the only reason that i can see for using multiple algorithms is to prevent a false positive (that the files are the same).  more of an audit point.  you just won't necessarily have all options on all operating systems which is why i end up with md5 between linux and windows.
0
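The answer above says a checksum only reports whether a file is the same, which bears on the earlier question about log files and authorised updates. The following added example, not part of the thread, builds a baseline that leaves out files expected to change and reports every other difference. `make_baseline`, `check_baseline` and `EXCLUDE` are names made up here, and GNU md5sum is assumed.

```shell
#!/bin/sh
# Added example, not from the thread. make_baseline, check_baseline and
# EXCLUDE are names chosen here. Assumes GNU md5sum and file names without
# newlines or backslashes.

# Paths expected to change in normal operation are left out of the baseline;
# a checksum cannot tell an authorised update from tampering.
EXCLUDE=${EXCLUDE:-'\.(log|evtx)$'}

# make_baseline DIR MANIFEST: write "digest  path" lines for DIR to MANIFEST.
make_baseline() {
    find "$1" -type f 2>/dev/null | grep -Ev "$EXCLUDE" | LC_ALL=C sort |
    while IFS= read -r _f; do md5sum "$_f"; done > "$2"
}

# check_baseline DIR MANIFEST: print CHANGED/MISSING/NEW findings,
# return 0 if DIR still matches MANIFEST and 1 otherwise.
check_baseline() {
    _now=$(mktemp) || return 2
    make_baseline "$1" "$_now"
    _rc=0
    awk '
        { h = substr($0, 1, 32); p = substr($0, 35) }   # "digest  path"
        FILENAME == ARGV[1] { old[p] = h; next }        # baseline manifest
        !(p in old) { print "NEW " p; bad = 1; next }
        old[p] != h { print "CHANGED " p; bad = 1 }
        { delete old[p] }
        END {
            for (p in old) { print "MISSING " p; bad = 1 }
            exit bad + 0
        }
    ' "$2" "$_now" || _rc=$?
    rm -f "$_now"
    return "$_rc"
}
```

A file updated by the OS or an application shows up as CHANGED exactly like a tampered one, so each finding has to be reconciled against change records, and the manifest should be kept where the scanned host cannot rewrite it.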

Gerwin Jansen, EE MVE, Topic Advisor Commented:
> Start-PsFCIV -Path C:\tmp -XML DB.XML
Does the above create an initial xml database
storing checksums of all files?


-> When you run the command the first time, it creates an XML database file for the specified folder or folders.
0
Gerwin Jansen, EE MVE, Topic Advisor Commented:
>> Why does the above use 3 algorithms, i.e. SHA1, SHA256 & SHA512?
Why do you want 3 algorithms? Just choose 1 I would say.
0
Question has a verified solution.
