sha1sum mass checking for tampered files

Posted in security

I once said you can use md5sum on a bunch of files and compare the sums to a list as a sort of tripwire to check for tampered files.

You might want to do this to make sure a set of configuration files doesn’t get changed, or to figure out which files get changed when you build that random source code as root! (note to self: don’t make as root unless you have to, rpmbuild is bad enough!)

But here’s a better way!

To take a checksum snapshot of all the files in /etc:

# find /etc -type f -exec sha1sum {} \; > ~/sha1sum_etc

And then to check for files that have changed since you last made that checksum list:

# sha1sum -c ~/sha1sum_etc | grep -v OK

/etc/hosts: FAILED
/etc/services: FAILED
sha1sum: WARNING 2 of 1600 computed checksums did NOT match
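
An extended version of the check above, as an added example that is not part of the original post: it also reports files created since the snapshot, which sha1sum -c cannot see, and uses --quiet in place of grep -v OK, which would hide a failed file whose name contains "OK". The function names are hypothetical; GNU coreutils and file names without newlines or backslashes are assumed.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.
# Assumes GNU coreutils (sha1sum --quiet) and file names that contain no
# newlines or backslashes (sha1sum escapes those in its list format).

# snapshot DIR LIST: record a checksum for every regular file under DIR.
# Keep LIST outside DIR so the list itself is not part of the snapshot.
snapshot() {
    find "$1" -type f -exec sha1sum {} + > "$2"
}

# changed LIST: print files whose content differs from the snapshot or that
# can no longer be read (deleted files show up as "FAILED open or read").
# --quiet drops the OK lines without pattern matching on the file name.
changed() {
    sha1sum -c --quiet "$1" 2>/dev/null | sed -n 's/: FAILED.*$//p'
}

# added DIR LIST: print files that exist under DIR now but are not in LIST.
# sha1sum -c only visits listed paths, so new files need their own comparison.
added() {
    _then=$(mktemp) && _now=$(mktemp) || return 1
    # Strip the 40-hex-digit sum and the mode marker, leaving only the path.
    sed 's/^[0-9a-f]\{40\} [ *]//' "$2" | sort > "$_then"
    find "$1" -type f | sort > "$_now"
    # Lines unique to the second file are paths missing from the snapshot.
    comm -13 "$_then" "$_now"
    rm -f "$_then" "$_now"
}
```

Run snapshot /etc ~/sha1sum_etc once as root, then changed ~/sha1sum_etc and added /etc ~/sha1sum_etc on later checks.
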
Posted by admica   @   22 April 2009
