ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    How to check the integrity of a set of files with md5deep

    IT Discussion
    md5 md5sum hashing corruption
    1
    1
    3.3k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • 1
      1337
      last edited by 1337

      Integrity of files

      If you want to check the integrity of a bunch of files you can do it with md5deep, which can be thought of as a recursive version of md5sum. It was initially designed for forensic work.

      If a file has the same hash as another file they are identical. If you save the md5 hash of a file and later recheck it, you can be sure the file hasn't been changed, corrupted or tampered with.

      Installation on Debian

      You'll find it in the package md5deep.

      apt install md5deep

      Inside the package you'll also find sha256deep and some other good stuff. Use sha256deep instead if you want to use sha256 hash. It's better and actually more secure than md5 but might be slower. You use it in the exact the same way though.

      Besides linux it's also available on other OSs such as Windows, MacOS. You can build it from source too. https://github.com/jessek/hashdeep

      Create MD5 signatures

      md5deep -rl /check_this_dir/* > files.md5

      This will create a text file (files.md5) with the md5 hash of all files (*) in the "/check_this_dir" directory.

      Check MD5 signatures

      md5deep -rlX files.md5 /check_this_dir/*

      It will return the files that don't match. So if any file has been changed, it will show up.

      Common Options

      -r is to go into subdirectories as well
      -l is to use local paths instead of absolute paths
      -X is to do check the signatures

      -e is if you want to see the progress while it's working.

      Find more info on basic usage with examples here:
      http://md5deep.sourceforge.net/start-md5deep.html#basic

      Example

      Let's check that our files in /boot and it's sub-directories stays intact.

      First let's create an md5 file that we will compare with.

      md5deep -r /boot/ > boot.md5

      Let's verify the files have not been tampered with.

      md5deep -rX boot.md5 /boot/

      If a file or several files has been changed it will return the file and the new hash (exit code 1).
      If all is good it will not return anything (exit code 0).

      1 Reply Last reply Reply Quote 5
      • 1 / 1
      • First post
        Last post