#17042 08/02/02 12:13 AM
Joined: May 2002
Posts: 70
mtlhd Offline OP
UGN Poser
Ok, while being bored reading at my desk and trying to configure Tripwire, I had an idea similar to what Tripwire does and that is to check the integrity of binary files. So here's a script that I made. Just pop in a new floppy.

Code
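#!/bin/sh
# Build a baseline of MD5 checksums for the system binaries on a fresh floppy.

printf "Making clean filesystem...\n";

        # Stop if the floppy cannot be formatted, mounted or entered, so
        # master.file is never written to the wrong place.
        mkfs.ext2 /dev/fd0         || exit 1
        mount /dev/fd0 /mnt/floppy || exit 1
        cd /mnt/floppy             || exit 1

        # Record which host and interfaces this baseline belongs to.
        uname -a        > master.file
        ifconfig -a     >> master.file

        # One "checksum  path" line per file in each binary directory.
        md5sum /bin/*            >> master.file
        md5sum /sbin/*           >> master.file
        md5sum /usr/bin/*        >> master.file
        md5sum /usr/sbin/*       >> master.file
        md5sum /usr/local/bin/*  >> master.file
        md5sum /usr/local/sbin/* >> master.file

# Restrict the checksum list to its owner.
chmod 700 master.file

printf "Finished with system checksum.\n";
printf "Label the floppy and store in a safe place ;)\n";

# Leave the mount point before unmounting it.
cd ~ ; umount /dev/fd0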
  
So there it is. It's nothing special and it definitely doesn't replace something like Tripwire or other well-known integrity checkers, but oh well. It's more of a lazy way of doing things...heheh. But it works fairly well. Ok, now you're probably asking yourself, "ok I have the checksums of all the binary files on my system, now what??" Well, when you think your b0x or b0xen have been compromised, you would make a new checksum list and check it against the previous one that you made. You would check what changes have been made by using the diff command; type man diff or info diff for more info on how to use the command. You can also incorporate all this into a cronjob and have it run weekly or monthly. Whatever you'd like. Well that's it. Can you tell I'm paranoid??? wink


People demand freedom of speech as a compensation for the freedom of thought which they seldom use.
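
The comparison step described in the post above (make a new checksum list and check it against the saved one), as an added example that is not part of the original thread. The helper names make_list and compare_lists and the temporary directory tree are assumptions constructed for the demo; it goes slightly beyond plain diff by labelling each difference as CHANGED, MISSING or NEW.

```shell
#!/bin/sh
# Added example, not from the thread. Helper names are hypothetical.

# make_list DIR... : md5sum every regular file directly inside each DIR
make_list() {
    for d in "$@"; do
        for f in "$d"/*; do
            if [ -f "$f" ]; then md5sum "$f"; fi
        done
    done
}

# compare_lists OLD NEW : report paths whose checksum changed, vanished or appeared.
# Lines that are not md5sum output (the uname/ifconfig header that the
# original script writes into master.file) are skipped.
compare_lists() {
    awk '
        length($1) != 32 || $1 !~ /^[0-9a-f]+$/ { next }
        { path = substr($0, 35) }               # text after hash + 2 chars
        FILENAME == ARGV[1] { old[path] = $1; next }
        { seen[path] = 1
          if (!(path in old))       print "NEW     " path
          else if (old[path] != $1) print "CHANGED " path }
        END { for (p in old) if (!(p in seen)) print "MISSING " p }
    ' "$1" "$2" | sort
}

# demo : constructed sample tree standing in for /bin and /sbin
demo() {
    root=$(mktemp -d) || return 1
    mkdir "$root/bin" "$root/sbin"
    printf 'ping v1\n' > "$root/bin/ping"
    printf 'ls v1\n'   > "$root/bin/ls"
    printf 'init v1\n' > "$root/sbin/init"
    { uname -a; make_list "$root/bin" "$root/sbin"; } > "$root/master.file"

    printf 'ping v2\n' > "$root/bin/ping"    # modified after the baseline
    rm "$root/sbin/init"                     # removed after the baseline
    printf 'new\n'     > "$root/bin/nc"      # added after the baseline

    make_list "$root/bin" "$root/sbin" > "$root/current.file"
    compare_lists "$root/master.file" "$root/current.file" | sed "s|$root||"
    rm -rf "$root"
}

demo
```
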
#17043 08/02/02 12:30 AM
Joined: Mar 2002
Posts: 1,273
DollarDNS Owner
Offline
(deleted by me) I almost made an idiot of myself. Damn I wish we could delete our own posts.


Domain Registration, Hosting, Management
http://www.dollardns.net
#17044 08/02/02 12:47 AM
Joined: May 2002
Posts: 70
mtlhd Offline OP
UGN Poser
Well here is an example chksum:

ded15256d767929b02a3ed8eaba80c8d /bin/ping

I'm guessing that's what you meant by the size of the chksum and not the actual file that my script creates, right??
Oh and I am aware that 2 different files can have the same output. Although I've never seen it myself. Even though I don't doubt you, would you mind explaining the process of how the chksums are created and why they might have the same output?? That is, if you have time. I've never looked into it that much, but now that you brought it up, it is intriguing.

EDIT: Are you sure 2 of the same files can have the same checksums??


People demand freedom of speech as a compensation for the freedom of thought which they seldom use.
#17045 08/02/02 06:10 AM
Joined: Mar 2002
Posts: 1,273
DollarDNS Owner
Offline
Darnit, you DID read my post before I edited it out. Ugh... well, my position was based on the checksums created in data packets sent across the internet. However, I noticed you used md5 checksum. That may very well be different. But I'll describe what you wanna hear anyway:

The checksum I'm talking about is created by adding up all the 1 bits in the data stream. So A (01000001) has a checksum of byte 0x02. AB (01000001 01000010) has a checksum of byte 0x04. Change one byte, and you've got AC (01000011 01000001), or byte 0x05. So it's pretty decent at detecting data corruption, which is the primary use of checksums. However, you can probably see how it can be wrong. A (01000001) and a B (01000010) both have the same checksum by themselves.

An md5 checksum may simply take a normal checksum and encrypt it.

Now, regardless of the checksum method, let's look at things logically. Think about all the possible combinations in a 64 byte file. Can you fit the same number of combinations in 32 bytes? Of course not. So that means some combinations of the original 64 byte file will be duplicates when converted to 32 bytes. Think about how many duplicates you may find when you reduce a 100k+ file. Notice that even when compressing files - you can come out with a larger file than you started out with. That's because of the limits found when reducing a large data chunk to a smaller one.

So it's not perfect - but it can give ya a chance at detecting changes. So there's no reason why you shouldn't do it - just don't think of it as fail proof.


Domain Registration, Hosting, Management
http://www.dollardns.net
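
The bit-counting checksum from the post above, run on the same A, B, AB and AC inputs and on every single-byte value, with md5sum output for A and B beside it. This is an added example, not part of the original thread; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# popcount N : number of 1 bits in the integer N
popcount() {
    n=$1 c=0
    while [ "$n" -gt 0 ]; do
        c=$((c + n % 2)); n=$((n / 2))
    done
    echo "$c"
}

# bitsum STRING : add up the 1 bits of every byte in STRING
bitsum() {
    total=0
    for byte in $(printf '%s' "$1" | od -An -v -tu1); do
        total=$((total + $(popcount "$byte")))
    done
    echo "$total"
}

# colliding_bytes K : how many of the 256 one-byte inputs have bit sum K.
# 256 inputs map onto only 9 possible sums (0..8), so sums must repeat.
colliding_bytes() {
    k=$1 i=0 hits=0
    while [ "$i" -lt 256 ]; do
        if [ "$(popcount "$i")" -eq "$k" ]; then hits=$((hits + 1)); fi
        i=$((i + 1))
    done
    echo "$hits"
}

# md5_of STRING : the 32-hex-digit digest that md5sum prints for STRING
md5_of() { printf '%s' "$1" | md5sum | cut -d' ' -f1; }

echo "bit sums: A=$(bitsum A) B=$(bitsum B) AB=$(bitsum AB) AC=$(bitsum AC)"
echo "one-byte inputs sharing bit sum 2: $(colliding_bytes 2)"
echo "md5sum A: $(md5_of A)"
echo "md5sum B: $(md5_of B)"
```
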
#17046 08/03/02 07:27 PM
Joined: May 2002
Posts: 70
mtlhd Offline OP
UGN Poser
Heheh...thanks for explaining that even though ya didn't have to wink


People demand freedom of speech as a compensation for the freedom of thought which they seldom use.
#17047 08/03/02 09:39 PM
Joined: Mar 2002
Posts: 626
Member
Offline
What is this world coming 2? [censored] FLYING HAMSTERS, DOWN I SAY, DOWN! LOL, well done, just try to masturbate when bored.


-hKzKnight
"The ghost... Was never there and you'll never see me"
