[ale] File Integrity Check

John Mills Jmills at TGA.com
Fri Aug 13 12:17:14 EDT 1999


This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.

------_=_NextPart_001_01BEE5A7.4FD3C8B2
Content-Type: text/plain;
	charset="ISO-8859-1"


RE- In pursuit of determining critical system files for
RE- modifications I was thinking the checksum prog sum'
RE- would be sufficient.  

I use MD5 when I need a checksum - available in source form (for the
untrusting, i.e., anyone using it #8-) from:
 <http://www.cert.org/ftp/tools/md5>, or ASCII printouts in:
 <http://theory.lcs.mit/~rivest/rfc1321.txt> or
 <ftp://ftp.rsa.com/pub/md5.txt>, but you'll have to extract the "reference
implementation" source from the document. Perl imlementations abound, if my
search was representative.
 
 -jmm
  John Mills, Sr. Software Engineer
  TGA Technologies, Inc.
  100 Pinnacle Way, Suite 140
  Norcross, GA 30071-3633
  e-mail: jmills at tga.com
  Phone: 770-441-2100 ext.124 (voice)
         770-449-7740 (FAX)

-----Original Message-----
 From: Russell Enderby [mailto:Russell.Enderby at arris-i.com]
Sent: Friday, August 13, 1999 9:31 AM
To: ale at ale.org
Subject: [ale] File Integrity Check


Understanding
that time,date, and file size can be modified under the ext2fs/ufs
directory table.  Is it possible to also make the 'sum' checksum appear
to be correct?

I was under the impression tripwire uses its own special checksum prog
to verify files, although would 'sum' be sufficient as well?  If not
does anyone know of better more thorough checksum app?

Thanks much,
Russell

--
Russell T. Enderby                                        Arris
Interactive
Software Engineer                                         3871 Lakefield
Dr, Suite 300
Cornerstone Software Development Group   Suwanee, GA 30024-1242
Email: Russell.Enderby at arris-i.com


------_=_NextPart_001_01BEE5A7.4FD3C8B2
Content-Type: text/html;
	charset="ISO-8859-1"
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
</pre>
<HTML>
<HEAD>
<META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; =
charset=3DISO-8859-1">
<META NAME=3D"Generator" CONTENT=3D"MS Exchange Server version =
5.5.2232.0">
<TITLE>RE: [ale] File Integrity Check</TITLE>
</HEAD>
<BODY>
<BR>

<P><FONT SIZE=3D2>RE- In pursuit of determining critical system files =
for</FONT>
<BR><FONT SIZE=3D2>RE- modifications I was thinking the checksum prog =
sum'</FONT>
<BR><FONT SIZE=3D2>RE- would be sufficient.  </FONT>
</P>

<P><FONT SIZE=3D2>I use MD5 when I need a checksum - available in =
source form (for the untrusting, i.e., anyone using it #8-) =
from:</FONT>
<BR><FONT SIZE=3D2> <<A =
HREF=3D"http://www.cert.org/ftp/tools/md5" =
TARGET=3D"_blank">http://www.cert.org/ftp/tools/md5</A>>, or ASCII =
printouts in:</FONT>
<BR><FONT SIZE=3D2> <<A =
HREF=3D"http://theory.lcs.mit/~rivest/rfc1321.txt" =
TARGET=3D"_blank">http://theory.lcs.mit/~rivest/rfc1321.txt</A>> =
or</FONT>
<BR><FONT SIZE=3D2> <<A HREF=3D"ftp://ftp.rsa.com/pub/md5.txt" =
TARGET=3D"_blank">ftp://ftp.rsa.com/pub/md5.txt</A>>, but you'll =
have to extract the &quot;reference implementation&quot; source from =
the document. Perl imlementations abound, if my search was =
representative.</FONT></P>

<P><FONT SIZE=3D2> </FONT>
<BR><FONT SIZE=3D2> -jmm</FONT>
<BR><FONT SIZE=3D2>  John Mills, Sr. Software Engineer</FONT>
<BR><FONT SIZE=3D2>  TGA Technologies, Inc.</FONT>
<BR><FONT SIZE=3D2>  100 Pinnacle Way, Suite 140</FONT>
<BR><FONT SIZE=3D2>  Norcross, GA 30071-3633</FONT>
<BR><FONT SIZE=3D2>  e-mail: jmills at tga.com</FONT>
<BR><FONT SIZE=3D2>  Phone: 770-441-2100 ext.124 (voice)</FONT>
<BR><FONT SIZE=3D2>         =
770-449-7740 (FAX)</FONT>
</P>

<P><FONT SIZE=3D2>-----Original Message-----</FONT>
<BR><FONT SIZE=3D2>From: Russell Enderby [<A =
HREF=3D"mailto:Russell.Enderby at arris-i.com">mailto:Russell.Enderby at arris=
-i.com</A>]</FONT>
<BR><FONT SIZE=3D2>Sent: Friday, August 13, 1999 9:31 AM</FONT>
<BR><FONT SIZE=3D2>To: ale at ale.org</FONT>
<BR><FONT SIZE=3D2>Subject: [ale] File Integrity Check</FONT>
</P>
<BR>

<P><FONT SIZE=3D2>Understanding</FONT>
<BR><FONT SIZE=3D2>that time,date, and file size can be modified under =
the ext2fs/ufs</FONT>
<BR><FONT SIZE=3D2>directory table.  Is it possible to also make =
the 'sum' checksum appear</FONT>
<BR><FONT SIZE=3D2>to be correct?</FONT>
</P>

<P><FONT SIZE=3D2>I was under the impression tripwire uses its own =
special checksum prog</FONT>
<BR><FONT SIZE=3D2>to verify files, although would 'sum' be sufficient =
as well?  If not</FONT>
<BR><FONT SIZE=3D2>does anyone know of better more thorough checksum =
app?</FONT>
</P>

<P><FONT SIZE=3D2>Thanks much,</FONT>
<BR><FONT SIZE=3D2>Russell</FONT>
</P>

<P><FONT SIZE=3D2>--</FONT>
<BR><FONT SIZE=3D2>Russell T. =
Enderby          &nbsp=
;           &nbsp=
;           &nbsp=
;     Arris</FONT>
<BR><FONT SIZE=3D2>Interactive</FONT>
<BR><FONT SIZE=3D2>Software =
Engineer          &nbs=
p;           &nbs=
p;           &nbs=
p;      3871 Lakefield</FONT>
<BR><FONT SIZE=3D2>Dr, Suite 300</FONT>
<BR><FONT SIZE=3D2>Cornerstone Software Development Group   =
Suwanee, GA 30024-1242</FONT>
<BR><FONT SIZE=3D2>Email: Russell.Enderby at arris-i.com</FONT>
</P>

</BODY>
</HTML>
<pre>
------_=_NextPart_001_01BEE5A7.4FD3C8B2--






More information about the Ale mailing list