Benscomputer.no-ip.org



Basic Malware Detector for Linux



OK, if this is of use to anyone then fantastic!

It's a simple script that generates MD5/SHA1/SHA256 sums of all files within your PATH. The directory list is based on the PATH variable on my machine at the time of writing; in fact it also checks the sums of my backups (you'll probably want to remove the /mnt/exthd line).

It's simple to use: all you need to do is burn the generated disc image to a CD for use when you check your system. It is based on the idea that you trust the security of your system at the time of generation, and there are a few caveats:


  1. Must be run as root (you can run as a normal user, but will get a lot of Permission Denieds)
  2. Won't notice if new executables appear (to be changed at a later date, maybe!)
  3. You must burn the disc image (if you leave it on the system, and it's compromised, the attacker could regenerate your image)


Preparation

There are a couple of steps before you can get the script working. You'll need nothing more than a text editor!

  1. You need to specify the checksum program to use (default is sha256sum)
  2. You may want to change the directories that are checksummed

Usage

Calling just the script, or using --help, will display usage options. Despite what is shown, all that is currently supported is:

sha_archive.sh --full
sha_archive.sh --help

Using the first will generate a checksum of every file stored within the directories specified within the script. The checksums are then stored in an ISO image along with the verification script. This should be burnt to a CD immediately.

Upon mounting the CD (to run your check), cd into the mounted directory and run:

./Verify_sigs.sh

which will then check all files stored within its database. It will provide you with a prompt before it goes away; read it carefully and then press enter.
Should any discrepancies be found, they will be piped through less, but the file will remain in /tmp.
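
The generate-then-verify cycle described above, as an added example (this is not the contents of sha_archive.sh or Verify_sigs.sh, which are not reproduced on this page). It also lists files that have appeared since the baseline, the gap noted in caveat 2; the function names and the manifest layout are assumptions.

```shell
#!/bin/sh
# Added example: NOT the contents of sha_archive.sh or Verify_sigs.sh.
# Function names and the manifest layout are assumptions made for illustration.
LC_ALL=C; export LC_ALL    # stable sort order for comm(1), unlocalised messages

# make_baseline MANIFEST DIR...
# Record "hash  path" for every regular file under the directories.
make_baseline() {
    manifest=$1; shift
    find "$@" -xdev -type f -exec sha256sum {} + > "$manifest"
}

# verify_baseline MANIFEST
# Print one line per changed or missing file; non-zero exit status if any.
verify_baseline() {
    sha256sum --check --quiet "$1" 2>/dev/null
}

# new_files MANIFEST DIR...
# Print files that exist now but have no manifest entry (caveat 2).
# Call with the same DIR arguments as make_baseline so the paths compare equal.
# Assumes no newlines or backslashes in file names (sha256sum escapes those).
new_files() {
    manifest=$1; shift
    known=$(mktemp) || return 1
    current=$(mktemp) || { rm -f "$known"; return 1; }
    cut -c67- "$manifest" | sort > "$known"   # drop 64 hex chars + 2 separator chars
    find "$@" -xdev -type f | sort > "$current"
    comm -13 "$known" "$current"              # lines only in the current listing
    rm -f "$known" "$current"
}
```

As with the original script, the manifest only means something if it is written to read-only media while the system is still trusted, and the checking tools are run from that media too.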

Bugs

Probably quite a few


Releases

V0.1
MD5 Sum

713f63b9323cfa7453d5aeb279de9b83 sha_archive.sh



DISCLAIMERS:

Note: all views expressed on this site are my own, and do not necessarily represent the views of my friends, family or employer.
Creative Commons License: This page is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 2.5 License, and is copyright to me, Ben Tasker, or their respective owners, unless otherwise stated. All images operate under a separate license.