Are there any scripts available in IPFire that allow you to check bulk md5sums against the md5sum of a default install to see if anything has been changed?
Scenario: I have two systems, one with a stock install of IPFire 148 and the other a production IPFire system. I want to take the md5sums for all files on the stock install, then compare those against the production machine to verify the integrity of those files. Other than checking every single file manually one by one, is there another more efficient way to verify all files?
If you save the output of md5sum to a file mdsums, you can check with md5sum -c mdsums.
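The manifest-and-check workflow from the reply above, as an added example that is not part of the original thread: it records checksums on a reference tree, then reports files on a second tree that differ, are missing, or are not in the manifest. It assumes GNU coreutils md5sum; the function names make_manifest and verify_tree are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes GNU coreutils md5sum;
# make_manifest and verify_tree are hypothetical helper names.

# make_manifest ROOT: print "hash  ./relative/path" for every regular file
# under ROOT (same filesystem only), sorted by path. Run on the reference install.
make_manifest() {
    ( cd "$1" && find . -xdev -type f -exec md5sum {} + | LC_ALL=C sort -k2 )
}

# verify_tree ROOT MANIFEST: compare ROOT against a manifest from make_manifest.
# Prints one line per finding: CHANGED, MISSING or EXTRA followed by the path.
verify_tree() {
    manifest=$(cd "$(dirname "$2")" && pwd)/$(basename "$2")   # absolute path
    tmp=$(mktemp -d) || return 2
    (
        cd "$1" || exit 2
        # md5sum -c prints "path: FAILED" when the content differs; unreadable
        # or missing files get a different suffix and are reported below.
        LC_ALL=C md5sum -c "$manifest" 2>/dev/null |
            sed -n 's/^\(.*\): FAILED$/CHANGED \1/p'
        # The path starts at column 35: 32 hex digits plus two separator chars.
        cut -c35- "$manifest" | LC_ALL=C sort > "$tmp/known"
        find . -xdev -type f | LC_ALL=C sort > "$tmp/present"
        LC_ALL=C comm -23 "$tmp/known" "$tmp/present" | sed 's/^/MISSING /'
        LC_ALL=C comm -13 "$tmp/known" "$tmp/present" | sed 's/^/EXTRA /'
    )
    rm -rf "$tmp"
}

# Usage: make_manifest /usr/bin > /tmp/mdsums   (on the reference install)
#        verify_tree /usr/bin /tmp/mdsums       (on the system being checked)
```

Keep the manifest somewhere other than the machine being checked, since a manifest stored on that machine can be altered along with the files it describes.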
hashdeep --> https://github.com/jessek/hashdeep might be an interesting one in that manner?
I’m running md5sum comparisons of binary files between my production firewall running 2.25 153 and a brand new VM I just set up running the same version, and md5sums in /usr/bin are not matching. The production firewall has been upgraded from previous core updates for a long time, and the VM is a brand new install. Should I expect that all md5sums in /usr/bin should match, or would the core updates upgrading over time generate different md5sums than what the stock version would? Should I be freaking out and taking our production plant offline this second, or am I being over paranoid?!?
The md5sums of every build are different because they contain a timestamp at linking.
So the same code of /bin/bash has a different md5 if it was installed with coreXXX and updated later to coreYYY or a fresh install of coreYYY (except if coreYYY ships /bin/bash because it was updated in this core).
That’s good to know, Arne. Thank you.
That being said, how do I check the integrity of binaries of an IPFire system to verify that they are authentic and not compromised? I have no reason to believe they are, but I would feel better having a procedure in place comparing a known legitimate copy of the binary to the production version.