Posted by: Dan O'Connor
barnyard freebsd, freebsd, hash, integrity, knoppix, md5, sha1
The team at isc.sans.org has an BETA version of hash checking application. http://isc.sans.org/tools/hashsearch.html
I tired a few files from a FreeBSD machine I have, but it was not able to locate a match. I am sure there would have been more success if files from a Windows based system had been tried.
This will be an excellent tool to verify the integrity of files on systems, more then once I have been in a situation where I needed to validate the integrity of a file with out a know good sample available.
If the status of a machine is in question I would not even collect the has off the system while it is running, booting into a liveCD like Knoppix ( http://www.knoppix.org/ ) or my favorite FreeBSD ( http://www.freebsd.org/where.html ) is the best way to ensure the integrity of the hash.
On freebsd you can use the md5 or sha1 command.
> md5 /lib/libc.so.7
MD5 (/lib/libc.so.7) = e16f4e5c137bd7f445b32733f45ac268