[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

RE: MD5 checksum server OS check

Hi Charles,

By the way - on this subject, would you know of any good books or on line
what would cover both the theory and include a step by step guide of
verifying an entire server's data integrity using MD5?

Mike suggested a book called "Hack Proofing Linux" which I have on order,
however that one is a few years old and I'm running RH 8 and
was wondering if there is anything more current or coveres RH8 and MD5

Thanks again.

-----Original Message-----
From: psyche-list-admin redhat com
[mailto:psyche-list-admin redhat com]On Behalf Of Charles Curley
Sent: Monday, September 29, 2003 10:33 AM
To: psyche-list redhat com
Subject: Re: MD5 checksum server OS check

On Sat, Sep 27, 2003 at 10:39:42AM -0400, help codefit com wrote:
> Hi Charles,
> OK the gpg key and the MD5SUM file, do I download these from the RH site,
> or do they already come on my RH 8 distribution disks?  WHere on disk or
> site would they be located?  Or is the MD5SUM file the actual file that
> I am testing against the distribution disks?

In future, please reply below the text to which you are responding. It
is easier to read, so a courtesy to your readers.

You get the md5 sums in the file MD5SUMS, which is in the same
direcotry from which you FTP the ISO images of the CD-ROMs. See
http://www.redhat.com/download/howto_download.html for details.

The file MD5SUMS is signed; that key is in the root directory of each
CD, and after installation it is in multiple files on the
computer. See, e.g.: /usr/share/doc/redhat-release-8.0/RPM-GPG-KEY.

> I read at http://userpages.umbc.edu/~mabzug1/cs/md5/md5.html that MD5
> is a more reliable way to test data integrity, if I do MD5 checks is
> a checksum test redundant?

Yes. Md5sums are checksums takes with a specific algorithm so that the
program operates identically regarless of processor and other issues.

> >Depends on how you want to do it. First, import Red Hat's gpg key
> >(preferred), or add the appropriate command line switch to the rpm
> >call below to disable gpg key checking. Then get the MD5SUM file and
> >verify its gpg signature:
> >
> >gpg --verify MD5SUM
> >
> >Then checksum the image(s):
> >
> >md5sum <path>
> >
> >where <path> may be your CD-ROM device, such as /mnt/cdrom.
> >
> >e.g, for severn:
> >
> >cat MD5SUM ; md5sum severn-i386-disc*.iso
> >
> >
> >You should also check individual packages, e.g.:
> >
> >find <path> -iname "*.rpm" -exec rpm -K {} \; | grep NOT
> >
> >where silence implies acceptance.
> --
> Psyche-list mailing list
> Psyche-list redhat com
> https://www.redhat.com/mailman/listinfo/psyche-list


Charles Curley                  /"\    ASCII Ribbon Campaign
Looking for fine software       \ /    Respect for open standards
and/or writing?                  X     No HTML/RTF in email
http://www.charlescurley.com    / \    No M$ Word docs in email

Key fingerprint = CE5C 6645 A45A 64E4 94C0  809C FFF6 4C48 4ECD DFDB

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]