In their ongoing campaign to dumb down their Linux distribution to the Windows level, Canonical has stripped the md5 checksum data from their download page. And instead of presenting all of the available downloads in a simple format, they present you with a 1, 2, 3 menu with a bunch of help text and links to more help; none of which let you know where to find the checksums. What you’re really looking for is hidden away from their main site here. Why do they make it hard to find this information?

You can use this to check to see if anyone has modified, updated, upgraded, added, or removed any files on your system. After you’ve configured a system the way you want it, dump hash files for all the important directories, /etc, /bin, /usr/local, etc., or just dump the whole thing. Move the output to another system. Now if you want to check to see if something has changed, you can hash the file(s) in question and grep for the hash.

You’re not going to write out all zeros, but the end case will be the disk is full of nothing but zeros. (or partition, like /dev/sdb3, which is what I used this for). The basic idea here is you read a disk, one arbitrary chunk at a time, compute the checksum for each chunk and only write out zeros to the chunks that are not all zeros already. But it all comes down to how expensive is it to write vs read.

You might want to do this to make sure a set of configuration files don’t get changed, or to figure out which files get changed when you build that random source code as root! (note to self: don’t make as root unless you have to, rpmbuild is bad enough!)

Here is a directory where I checked out some code, and I don’t want this to get updated or changed in any way at all. I like it exactly like it is, and if someone messed with it, i’d like to know what’s changed. For this example, I use a fsvs repository so I can see the history and roll back to exactly the right version, but lets just say you want a one shot deal for a bunch of files… If something comes up and I think this has changed in any way, I can run another batch of md5sums and meld the results. (yum info meld, good utility)