MD5 hash checking

Posted on 2014-08-19
Last Modified: 2014-09-04
Refer to attached script.

Somehow I felt it does not build a base MD5 database (as baseline)
of all files in the server or does it?

Can it be run on RHEL 5.x, 6.x & Solaris x86 or some syntax
needs to be modified?

Is it CPU & IO intensive?  Will it help reduce the impact on system
load if run with "nohup nice ./script_name > /tmp/a.txt 2>a.err"  ?

What's the usual practice after building a baseline of the MD5,
do we run this script daily, weekly or ?

If files get modified, say by authorized applications & tools, does
it get flagged out or only those files that are maliciously modified
are flagged?

Any enhancement to the attached is welcome
Question by: sunhux
    LVL 61

    Accepted Solution

    A1) MD5 is not safe. Use SHA2 instead.
    A2) Take a widely used package, e.g. the perl script called rkhunter, that does what you need.
    A3) Do not attempt to fix before anything is broken.
    A4) Not using MD5.
    A5) No way to figure intent of file write.
    LVL 61

    Expert Comment

    rkhunter is packaged by EPEL (Fedora) for both RHEL releases and it can be installed easily on Solaris.
    LVL 27

    Expert Comment

    There's open source Tripwire
    And an alternative that's centrally managed if you're doing more than one server.
    LVL 61

    Expert Comment

    Mine is the least resource consuming. And it extracts checksums from the native package manager in addition to its own database.
    LVL 27

    Expert Comment

    Not sure what you're talking about gheist.

    rkhunter scans for rootkits after the fact.

    tripwire and ossec are geared towards IDS.  They're made to watch for changes to existing files.  They're different beasts that do different things.  The original question suggests IDS.
