Solved

linux files

Posted on 2014-09-04
Last Modified: 2014-09-11
Hi Experts,

We are using the SUSE OS and I have 2 questions on the file structure.

1) Would like to know how I can search for specific .c files.
2) Once I find the files, how do I see the associated MD5 hashes?

Thank you
Question by:talltree
10 Comments

Assisted Solution

by:woolmilkporc
woolmilkporc earned 200 total points
1)

find /dir -name "*.c"

where "/dir" is the directory where you want to start searching.

"*.c" searches for all files ending with ".c". You can refine the search, e.g. with "abc*.c", which will search for all files starting with "abc" and ending with ".c".

2)

find /dir -name "*.c" -xargs md5sum

Assisted Solution

by:Seth Simmons
Seth Simmons earned 100 total points
correction on the second command; find output should be piped to xargs not specified as an option

find /dir -name "*.c" | xargs md5sum

Expert Comment

by:woolmilkporc
Right! That was a typo. Thx for the correction.

Expert Comment

by:ozo
How are you specifying these specific .c files?

Author Comment

by:talltree
not sure what you mean by specifying? I am just trying to find a group of files with the .c extension and check the md5 hash to make sure they have been altered.

thanks

Expert Comment

by:ozo
When you ask about searching for "specific" .c files, how are you distinguishing those specific .c files you would be searching for from other non-specific .c files?
When you say you are trying to find a "group" of files, how are you grouping them?
Do you want all .c files under /dir, as presumed by the answer of
find /dir -name "*.c" | xargs md5sum
or is there some other kind of specific group you are interested in?

If you want to do this to be sure they have been altered, do you have a list of files and md5 hashes that you want to compare with?
If so, what is the format of that list?
Also, would you need to be sure whether that list has been altered?

Author Comment

by:talltree
Yes, a security issue. I do have a list of specific files.

If you want to do this to be sure that they have not been altered, do you have a list of files and md5 hashes that you want to compare with?

YES
If so, what is the format of that list?

name.c (example)

Also, would you need to be sure that that list had not been altered?

No, looking to see if these files and hash are on our server

Accepted Solution

by:ozo
ozo earned 200 total points
name.c (example)
Does "example" in parentheses represent the original md5 hash of name.c that we want to compare to the current md5 hash?
Can there be more than one file in that list?
If so, does the order matter?
Can we assume that the list will always be in alphabetical order?
Are all the files in the list .c files?
What do you want to do when you find a file whose md5 hash matches the md5 hash in the list?
What do you want to do when you find a file whose md5 hash does not match the md5 hash in the list?

This produces files for altered and unaltered .c files in list,
assuming that each line of the list consists of a file name, blank space, and an md5sum in parentheses to compare,
preserving the original order, not assuming alphabetical order, and ignoring non .c files in list

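#!/usr/bin/bash
# Enable extended globs such as +(...) once, before the loop runs.
shopt -s extglob
# Each line of "list" is expected to look like: name.c (md5sum)
while IFS= read -r line ; do
  # Only handle lines of the form <name>.c<blanks>(<hash>...; skip everything else.
  if [[ -z "${line##*.c+([[:blank:]])\(*}" ]] ; then
    # File name: everything before the blanks that precede the "(".
    file=${line%%+([[:blank:]])\(*}
    # Expected hash: the text between the parentheses.
    example=${line##*\(}
    example=${example%)*}
    # Current hash: first field of the md5sum output.
    md5=$(md5sum "$file")
    md5=${md5%%[[:blank:]]*}
    if [[ "$md5" = "$example" ]] ; then
      echo "$file $example matches" >> unaltered
    else
      echo "$file $example does not match $md5" >> altered
    fi
  fi
done < list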


Expert Comment

by:serialband
You should probably use shasum -a 256 or sha256sum instead of md5sum.

If you have the original files in some backup location, you could also just diff them directly.
0
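
An added example, not part of any poster's answer: following the sha256sum suggestion above, this records a SHA-256 baseline for every .c file under a directory and later reports altered, missing and new files. The function names, the manifest layout (plain sha256sum output) and the sample files are assumptions constructed for illustration; it relies on GNU find, sort, xargs and sha256sum.

```shell
#!/bin/sh
# Added example: SHA-256 baseline and re-check for *.c files (GNU coreutils/findutils).

# make_baseline DIR MANIFEST - record a hash for every *.c file under DIR.
# MANIFEST must be an absolute path; keep it where the audited host cannot rewrite it.
make_baseline() {
  # -print0 / -0 keep names containing spaces intact; -r skips sha256sum if nothing matched.
  ( cd "$1" && find . -type f -name '*.c' -print0 | LC_ALL=C sort -z | xargs -0 -r sha256sum ) > "$2"
}

# changed_files DIR MANIFEST - print baseline entries that are altered or missing.
changed_files() {
  # --quiet suppresses the "OK" lines, so only "<path>: FAILED..." lines remain.
  ( cd "$1" && LC_ALL=C sha256sum --check --quiet "$2" 2>/dev/null ) | sed 's/: FAILED.*$//'
}

# new_files DIR MANIFEST - print *.c files present now but absent from the baseline.
# Assumes file names without newlines.
new_files() {
  ( cd "$1" && find . -type f -name '*.c' ) | while IFS= read -r f; do
    # Strip the hash column, then look for an exact whole-line match of the path.
    sed 's/^[0-9a-f]\{64\} [ *]//' "$2" | grep -Fxq -- "$f" || printf '%s\n' "$f"
  done
}

# demo - constructed sample tree: one file altered, one deleted, one added.
demo() {
  work=$(mktemp -d) || return 1
  mkdir -p "$work/src/lib"
  printf 'int main(void){return 0;}\n' > "$work/src/main.c"
  printf 'int add(int a,int b){return a+b;}\n' > "$work/src/lib/my util.c"
  printf 'void old(void){}\n' > "$work/src/lib/old.c"
  make_baseline "$work/src" "$work/baseline.sha256"

  printf 'int add(int a,int b){return a-b;}\n' > "$work/src/lib/my util.c"  # altered
  rm "$work/src/lib/old.c"                                                 # missing
  printf 'void extra(void){}\n' > "$work/src/extra.c"                      # new

  echo "changed or missing:"; changed_files "$work/src" "$work/baseline.sha256" | sort
  echo "not in baseline:";    new_files "$work/src" "$work/baseline.sha256"
  rm -rf "$work"
}

demo
```

The manifest only proves something if it was created from a known-good state and is stored somewhere an intruder on the server could not also modify.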
 

Author Comment

by:talltree
thanks guys