Irregular Expressions

Feb 15 2010   10:28PM GMT

Verifying System Integrity

Dan O'Connor

The team at isc.sans.org has a BETA version of a hash-checking application: http://isc.sans.org/tools/hashsearch.html

I tried a few files from a FreeBSD machine I have, but it was not able to locate a match.  I am sure there would have been more success if files from a Windows-based system had been tried.

This will be an excellent tool to verify the integrity of files on systems; more than once I have been in a situation where I needed to validate the integrity of a file without a known-good sample available.

If the status of a machine is in question, I would not even collect the hash from the system while it is running; booting into a live CD like Knoppix ( http://www.knoppix.org/ ) or my favorite, FreeBSD ( http://www.freebsd.org/where.html ), is the best way to ensure the integrity of the hash.

On FreeBSD you can use the md5 or sha1 command.

> md5 /lib/libc.so.7
MD5 (/lib/libc.so.7) = e16f4e5c137bd7f445b32733f45ac268
