  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 219

MD5 hash checking

Refer to attached script.

Q1:
Somehow I felt it does not build a base MD5 database (as baseline)
of all files in the server or does it?

Q2:
Can it be run on RHEL 5.x, 6.x & Solaris x86 or some syntax
needs to be modified?

Q3:
Is it CPU & IO intensive?  Will it help reduce the impact on system
load if run with "nohup nice ./script_name > /tmp/a.txt 2>a.err"  ?

Q4:
What's the usual practice after building a baseline of the MD5,
do we run this script daily, weekly or ?

Q5:
If files get modified, say by authorized applications & tools, does
it get flagged out or only those files that are maliciously modified
are flagged?

Any enhancement to the attached is welcome
hashcheck.zip
0
sunhux
Asked:
sunhux
1 Solution
 
gheist Commented:
A1) MD5 is not safe. Use SHA2 instead.
A2) Take a widely used package, e.g. the Perl script called rkhunter, that does what you need
A3) Do not attempt to fix before anything is broken
A4) Not using MD5
A5) No way to figure intent of file write.
0
 
gheist Commented:
rkhunter is packaged by EPEL (Fedora) for both RHEL releases and it can be installed easily on Solaris
0
 
serialband Commented:
There's open source Tripwire http://sourceforge.net/projects/tripwire/
And an alternative that's centrally managed if you're doing more than one server.  http://www.ossec.net/  http://www.splunk.com/
0
 
gheist Commented:
Mine is the least resource consuming. And it extracts checksums from the native package manager in addition to its own database
0
 
serialband Commented:
Not sure what you're talking about gheist.

rkhunter scans for rootkits after the fact.

tripwire and ossec are geared towards IDS.  They're made to watch for changes to existing files.  They're different beasts that do different things.  The original question suggests IDS.
0
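
An added example, not the attached hashcheck script or any commenter's code: a minimal baseline-then-compare check using SHA-256, the SHA2 alternative to MD5 suggested in the thread. The function names are hypothetical, and it assumes GNU `sha256sum` and `mktemp` as shipped on RHEL; other platforms may need a different hashing command.

```shell
#!/bin/sh
# Added example (not the attached hashcheck script). Function names are hypothetical.
# Assumes GNU coreutils sha256sum and file names without newlines or backslashes.
LC_ALL=C; export LC_ALL

# build_manifest DIR OUT: write "hash  ./path" for every regular file under DIR.
# OUT must live outside DIR, otherwise the manifest would hash itself.
build_manifest() {
    ( cd "$1" && find . -type f -exec sha256sum {} + ) | sort -k 2 > "$2"
}

# diff_manifests OLD NEW: print one ADDED/CHANGED/REMOVED line per differing path.
diff_manifests() {
    awk '
        { h = $1; sub(/^[^ ]+ [ *]/, "") }          # keep hash in h, path in $0
        FILENAME == ARGV[1] { old[$0] = h; next }   # first file: the baseline
        !($0 in old)        { print "ADDED " $0; next }
        old[$0] != h        { print "CHANGED " $0 }
                            { seen[$0] = 1 }
        END { for (p in old) if (!(p in seen)) print "REMOVED " p }
    ' "$1" "$2" | sort
}

# check_tree DIR BASELINE: re-hash DIR and compare with BASELINE.
# Prints the differences and returns 1 if there are any, 0 if the tree matches.
check_tree() {
    now=$(mktemp) || return 2
    build_manifest "$1" "$now"
    report=$(diff_manifests "$2" "$now")
    rm -f "$now"
    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}
```

Every content change is reported regardless of what made it, so the baseline has to be rebuilt after authorized updates. Keep the baseline file somewhere the monitored host cannot write to.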
