[pgcimlogo.GIF (3191 bytes)] Applies to the practice: Verifing file data integrity using L6 PGCI Inc. 33 rue Prince Applicable technologies: Montréal, L6; UNIX /NT operating system and Québec derivatives H3C 2M7 Cité du multimédia The L6 program generates a unique 128-bit info@pgci.ca (MD5) or 160-bit (SHA-1) cryptographic (514) 865-9178 message digest value derived from the contents of a file. This value is considered to be a highly reliable fingerprint that can be used to verify the integrity of the file's contents. If as little as a single bit value in the file is modified, the message digest for the file will change. Forgery of a file in a way that will cause message digest algorithm to generate the same result as that for the original file is considered to be extremely difficult. L6 provides a flexible and intelligent interface for periodic integrity checks of data. Our purpose was to develop a lightweight, faster and simpler replacement of Tripwire (a commercial IDS file integrity package for the unix/nt operating systems). This preliminary version of L6 is for testing purposes only. In our benchmarks, L6 is about 40% faster than any comparable lightweight C program. SHA-1 and MD5 are proven cryptographic messages digest algorithms developed and patented by the NSA and RSA Data Security. Details for the MD5 cryptographic checksum program are provided in RFC 1321. Details for the Secure Hash Algorithm can be found in FIPS PUB-180-1. L6 requires two perl modules, MD5-1.7 and SHA-1.2. A copy of the L6 program and the modules can be obtained here. ------------------------------------------ gilbert@paranoia> cat l6 | l6 - -STANDARD INPUT-//X - - - [-,-] 6048 bytes 69867e4c837dfada6b372f97a5cf58b4 gilbert@paranoia> cat l6 | l6 - -sha1 Using digest version SHA-1, library version 1.2 -STANDARD INPUT-//X - - - [-,-] 6048 bytes 4516d5c3bd3699ec63ddfd3b175574e738cbf013 gilbert@paranoia> echo squeamish ossifrage | l6 - -STANDARD INPUT-//X - - - [-,-] 20 bytes 9469c6c14b5ed78b8aef396d2f9f96d7 gilbert@paranoia> l6 - squeamish ossifrage -STANDARD INPUT-//X - - - [-,-] 20 bytes 9469c6c14b5ed78b8aef396d2f9f96d7 gilbert@paranoia> l6 -sha1 /etc /usr/local/bin /var /usr /opt > stored_safe_list This command would plow through the directories using SHA-1 as the signature for each file. You could then copy this master file list to a diskette or a WORM media for comparaison with later scans. gilbert@paranoia> cat filelist | l6 - -sha1 -c gilbert@paranoia> l6 - -sha1 -c < filelist l6 takes filelists or any input from STDIN, producing a SHA-1 hash recursively for every directory or each file in the filelist. It will print out the ctime if the -c switch is on the cmdline. A sample result would be: test//text 649484 100444 1 root/sys 366 bytes 361fd00e 908054542 3bc6ccdfd8de96445986dc0ff579777 Under unix, the ctime is not the file creation time. The ctime field is updated each time the file's inode changes. Here are 3 examples of file tampering and the L6 interpretation. A different hash is a much better indication of file tampering than any other information the operating system can give you. 1) Added a modification and removed it, the mtime and ctime have been modified. Before L6//text 472813 100544 1 root/other 5917 bytes 362758c1 908548289 e872f44729872ba4f7f7f1e87121c88 After L6//text 472813 100544 1 root/other 5917 bytes 362758dd 908548317 e872f44729872ba4f7f7f1e87121c88 2) Used cp -p L6 L6.bak; (insert evil modifications for x hours); mv l6.bak l6, the inode and ctime have been modified. L6//text 472813 100544 1 root/other 5917 bytes 36275976 908548470 e872f44729872ba4f7f7f1e87121c88 L6//text 472779 100544 1 root/other 5917 bytes 36275976 908548563 e872f44729872ba4f7f7f1e87121c88 3) Added a modification, (insert evil modifications for x hours); removed it, cleverly modified the mtime, and hoped not to be detected. L6//text 472779 100544 1 root/other 5917 bytes 36275976 908548563 e872f44729872ba4f7f7f1e87121c88 L6//text 472779 100544 1 root/other 5917 bytes 36275976 908548990 e872f44729872ba4f7f7f1e87121c88 Although the ctime has it's informational value, and could indicate tampering (depending on the o/s many file manipulations update the ctime), the MD5/SHA-1 hash guarantees file intergrity. (Well, at least up till now). ------------------------------------------ Questions or comments? Copyright 1996-1998 PGCI Inc. All rights reserved. Legal terms.Privacy policy.