[mu TECH] A Rustic Integrity Checker for Windows user

From: Michele Andreoli (m.andreoli@tin.it)
Date: Wed Nov 08 2000 - 22:14:31 CET

[This email is meant to stimulate the UNIX students
on the list. Are there any?]

I have got an idea, exploring PGP and MD5. PGP is able to create
a very small certificate signature for any kind of file.

Point 1)
Using a command like:

                # pgp -sb filename

it creates the file filenam.pgp and leaves filename untouched.

Point 2)
If (different question) I run md5sum within a directory, using
a command like:

                # md5sum `find . -type f`

I will get output something like:

a6cbac9065dfe3457c39a2638e0a9a5b ./voice/libutil/variables.c
c423830f86e2c571fc54629af4d05b3b ./voice/libutil/access.c
f23995d6314d5409211d42abf9d11d09 ./voice/libutil/wildmat.c
6bf35285ae952e213458eac37a4563e9 ./voice/libutil/Makefile
143e88d913256a4509f72afee4c9f942 ./voice/libvoice/depend
e4a65201f05cc3bc1dc2ddd5b8df3ed7 ./voice/libvoice/README.Supra
e41d803993946d21877056dbe6bd1a4a ./voice/libvoice/IS_101.c
7a4dd34565f9c4f24cf5e30fd55cb057 ./voice/libvoice/Elsa.c
fb9db23f3879a08df5b89284fa8d225f ./voice/libvoice/ISDN4Linux.c

I can send this output to PGP via a UNIX pipe, so I can have
a single fingerprint of my hard disk.

        # md5sum `find . -type f` | pgp -fsb >/dev/null -o disk.pgp

Point 3)
On the other hand, in Linux (and now in muLinux) we have three
wonderful commands: "diff", "patch" and "cmp".

The question: how to combine points 1-2-3 to create a super-script
able to:

1) scan c:\ from muLinux
2) create and maintain a certification database for the whole disk
3) reconstruct, on demand, damaged or infiltrated files
4) encrypt and sign a copy of the MBR in a safe place
5) encrypt and sign files and entire directories on demand.

Can a tool like this prevent or, at least, detect intrusion,
corruption, etc.?
In Linux, tools like that do exist, but PGP is not used, I think,
for this purpose.
What is the scenario in MS-Windows?

A real test case

Running this command on my Win98 partition (it takes several minutes
on my PIII):

       # find /c -type f -print0 | xargs -0 md5sum | md5sum

I found the checksum of my hard-disk:


According to the creator of the MD5 algorithm, mine is the only
hard disk in the world that has this signature. Do we have
to believe him? :-)


"I'd like to conclude with a positive statement, but I can't remember any.
Would two negative ones do?"			-- Woody Allen
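
One way to build the certification database of goal 2 and report changed, missing or added files, as an added example that is not part of the original mail; the function names and manifest paths are assumptions. The manifest is sorted by path so that the single whole-disk checksum is reproducible between runs, and it is the file to sign with the detached-signature command from Point 1.

```shell
#!/bin/sh
# Added example: baseline-and-compare integrity check built on find, md5sum and awk.
# Function names are hypothetical. md5sum is used to match the mail; sha256sum
# prints the same "hash  path" line format and works unchanged here.

# make_manifest DIR OUT: hash every regular file under DIR, one line per file,
# sorted by path. Keep OUT outside DIR so the manifest does not hash itself.
make_manifest() {
    ( cd "$1" && find . -type f -print0 | xargs -0 -r md5sum |
        LC_ALL=C sort -k 2 ) > "$2"
}

# fingerprint MANIFEST: the single checksum of the whole tree.
# Stable only because the manifest is sorted; raw find order is not guaranteed.
fingerprint() {
    md5sum < "$1" | cut -d ' ' -f 1
}

# compare_manifests OLD NEW: print "ADDED", "CHANGED" or "MISSING" plus the path
# for every difference; prints nothing when the tree matches the baseline.
compare_manifests() {
    awk '
        { p = $0; sub(/^[^ ]+ [ *]/, "", p) }            # strip hash + separator
        FILENAME == ARGV[1] { old[p] = $1; next }        # load the baseline
        !(p in old)         { print "ADDED " p; next }
        { if (old[p] != $1) print "CHANGED " p; delete old[p] }
        END { for (p in old) print "MISSING " p }        # never seen in NEW
    ' "$1" "$2" | LC_ALL=C sort
}

# Direct use:  script.sh baseline DIR MANIFEST   (then sign MANIFEST)
#              script.sh check    DIR MANIFEST   (after verifying its signature)
case "${1:-}" in
    baseline) make_manifest "$2" "$3" ;;
    check)    make_manifest "$2" "$3.new" && compare_manifests "$3" "$3.new" ;;
esac
```

The comparison is only as trustworthy as the baseline manifest, so store it and its signature off the disk being checked.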