Irregular Expressions

Feb 15 2010   10:28PM GMT

Verifying System Integrity

Dan O'Connor

The team at isc.sans.org has a beta version of a hash-checking application: http://isc.sans.org/tools/hashsearch.html

I tried a few files from a FreeBSD machine I have, but it was not able to locate a match. I am sure there would have been more success if files from a Windows-based system had been tried.

This will be an excellent tool to verify the integrity of files on systems. More than once I have been in a situation where I needed to validate the integrity of a file without a known-good sample available.

If the status of a machine is in question, I would not even collect the hash off the system while it is running; booting into a live CD like Knoppix ( http://www.knoppix.org/ ) or my favorite, FreeBSD ( http://www.freebsd.org/where.html ), is the best way to ensure the integrity of the hash.

On FreeBSD you can use the md5 or sha1 command.

> md5 /lib/libc.so.7
MD5 (/lib/libc.so.7) = e16f4e5c137bd7f445b32733f45ac268
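
The offline check described above, as an added example that is not part of the original post: a script for the live CD that hashes every file under a mounted suspect filesystem and compares the result with a manifest taken from a known-good install. The mount point, the manifest file name and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Run it from the live CD with the
# suspect disk mounted read-only; the mount point and baseline file are assumptions.
# Usage: sh verify.sh /mnt/suspect baseline.sha1

# Print the bare SHA-1 digest of one file. Linux live CDs ship sha1sum;
# FreeBSD ships sha1(1), where -q prints only the digest.
hash_file() {
    if command -v sha1sum >/dev/null 2>&1; then
        sha1sum < "$1" | cut -d' ' -f1
    else
        sha1 -q < "$1"
    fi
}

# Print "digest  relative/path" for every regular file under ROOT, sorted by
# path. File names containing newlines are not handled.
build_manifest() {
    ( cd "$1" || exit 1
      find . -xdev -type f | LC_ALL=C sort | while IFS= read -r f; do
          printf '%s  %s\n' "$(hash_file "$f")" "${f#./}"
      done )
}

# Compare a known-good manifest with the one just collected. Prints
# CHANGED / ADDED / MISSING lines and returns non-zero on any difference.
compare_manifests() {
    awk '
        { h = $1 ""; p = $0; sub(/^[^ ]+  /, "", p) }  # "" forces string compare
        FILENAME == ARGV[1] { base[p] = h; next }
        !(p in base)        { print "ADDED   " p; bad = 1; next }
        base[p] != h        { print "CHANGED " p; bad = 1 }
                            { seen[p] = 1 }
        END {
            for (p in base) if (!(p in seen)) { print "MISSING " p; bad = 1 }
            exit bad + 0
        }' "$1" "$2"
}

if [ "$#" -eq 2 ]; then
    cur=$(mktemp) && build_manifest "$1" > "$cur" && compare_manifests "$2" "$cur"
fi
```

The digests are compared as strings on purpose: awk would otherwise compare two digests that happen to look like numbers numerically, and could report different files as equal.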
