[Integrit-users] Re: Integrit: How to check just the md5?
Brought to you by:
ecashin
Menu
▾
▴
[Integrit-users] Re: Integrit: How to check just the md5?
|
From: Ed L C. <ec...@te...> - 2001-06-05 19:18:49
|
"Rene Dudfield" <rdu...@ho...> writes: > Hi, > > Just a integrit question... (I'm sending a copy of this message to the integrit-users mailing list. See: http://sourceforge.net/mail/?group_id=15369) > Can I get integrit to tell me if an md5/checksum of a file has changed? No. One of the design decisions was to stick with SHA-1 because that's all that's necessary to do what integrit has to do: record and verify what a file is like. You do get an MD5 sum at the end of the integrit report, but that's for convenience, since most people have the tool "md5sum" or can use "openssl md5" to find an MD5 checksum for a given set of files. > I've got a backup of when the computer was installed(just using tar). > > Is there a way I can get integrit to tell me if a file has a different > checksum from the one in my backup? I don't think integrit is the tool you're looking for. You could probably do something like this, if the backup is a tar: tar xf /dev/tape filename | openssl md5 tar cf - /path/to/file | tar xf - | openssl md5 Test it out, though. A little test I just did shows that technique might work: ecashin$ echo test > /tmp/testfile ecashin$ echo test > /tmp/testfile2 ecashin$ cd / /$ tar cf - tmp/testfile | tar xf - tmp/testfile | openssl md5 d41d8cd98f00b204e9800998ecf8427e /$ tar cf - tmp/testfile2 | tar xf - tmp/testfile2 | openssl md5 d41d8cd98f00b204e9800998ecf8427e /$ chmod 640 tmp/testfile /$ tar cf - tmp/testfile | tar xf - tmp/testfile | openssl md5 d41d8cd98f00b204e9800998ecf8427e > I'm not real sure how to read the output of integrit. > > What do each of the sections mean? Looked through the doco, and > couldn't find an explanation. The web docs and the man page go into the output syntax in detail. Did you do "man integrit"? > Here's one of the output lines: > > changed: /home/rene/durweb/usr//bin/fdumount i(993695:32332) > m(20010605-123126:20010502-180639) c(20010605-123126:20010502-180639) > > i(...:...) is inode? That's a good guess, and is correct. > m(...:...) is md5?? > No idea what c(...:...) is. Modification time and change time respectively. Find that man page! :) You're looking for the part that says, "Here's a table of letters and the corresponding checks/options." -- --Ed Cashin PGP public key: ec...@te... http://www.terry.uga.edu/~ecashin/pgp/ |
