this is a hash algorithm that is implemented of the chips anyway, it
is the fastest of them all, used by synch (is it?) and it is crucially
helpful when data integrity is very important.
I like to do baseline checks when I first install an OS base and when
I upgrade it.
Does Debian internally have the kind of check pointing that Windows
does with which you could revert the state of an OS to a operating
"moment" you can manage? If it doesn't there are ways of doing that
with very basic bash scripts which could be made into some sort of
debian utility.
the reason why I push for the crc32 algo is because instead of using
sha?sums which are much slower, I would rely on both crc32 and md5sum,
when I have to baselines the 200+K files included in the base install
that comes with the installation disk.
Nowadays you can safely assume that you do not own your computer (or
any of your networked hardware or data encrypted or not), you just
paid for it to make vendors happy, but I think "we the people" could
claim more of an ownership of what we pay for. I am amused to notice
vendors telling you: "they care about 'your privacy'" . . . "privacy,
did they say?" I am old enough to notice the crass change of meaning
in that sentence; one of the conflicting readings being that if
someone "cares" for "your privacy", then it simply is not yours or
private any more to begin with, but nowadays people don't even notice
how they are making fun of them.
I would like to remove all cookies and all that crap from my
computers without having to every time use a live DVD when I access
the Internet. I am the king of guy who would carry his cell phone in a
Faraday cage (call me "paranoid" if you want to and all i would have
to say is: "thank you" ;-)).
Anyway, here is some crappy proof of concept to what I am suggesting.
That kind of utility could be made part of the installation:
// __ baselining branch
_BS_DIRS_AR=(
/bin
/boot
/dev
/etc
/home
/lib
/lib64
/mnt
/opt
/root
/run
/sbin
/srv
/sys
/tmp
/usr
/var
)
###
_BS_DIRS_AR_L=${#_BS_DIRS_AR[@]}
echo "// __ \$_BS_DIRS_AR_L: |${_BS_DIRS_AR_L}|"
for iX in ${!_BS_DIRS_AR[@]}; do
_BSNM=$(basename "${_BS_DIRS_AR[$iX]}")
_TMPFL="${_BS_DIRS_AR[$iX]}"_$(mktemp $(date +%Y%m%d%H%M%S).XXXXXX)
echo " [$iX/$_BS_DIRS_AR_L): |${_BS_DIRS_AR[$iX]}|${_TMPFL}|"
_tm="${_TMPFL}".tm
_DT=$(date +%Y%m%d%H%M%S)
time (find "${_BS_DIRS_AR[$iX]}" -type f -printf '%d %f %s
%Ts,%As,%Cs,"%M",%n,"%u","%g",' -exec
./file_metadata06_md5sum_crc32.sh {} \; > "${_TMPFL}") 2>"${_tm}"
_LNS=$(wc -l "${_TMPFL}" | awk '{print $1}')
_MD5SUM=$(md5sum --text "${_TMPFL}" | awk '{print $1}')
_LOG_FL="$(whoami)_${_BSNM}_${_LNS}_${_DT}_${_MD5SUM}.log"
echo " [$iX/$_BS_DIRS_AR_L): |${_BS_DIRS_AR[$iX]}|${_LOG_FL}|"
cat "${_tm}"
cat "${_TMPFL}" | sort --key 1,1n --key 2,2d > "${_LOG_FL}"
cat "${_tm}" >> "${_LOG_FL}"
rm -fv "${_TMPFL}"
rm -fv "${_tm}"
ls -l "${_LOG_FL}"
wc -l "${_LOG_FL}"
done
~
and file_metadata06_md5sum_crc32.sh looks like:
#!/bin/bash
_IFL=$1
_MD5SUM=$(md5sum --binary "${_IFL}")
_MD5SUM=$(echo "${_MD5SUM}" | awk '{print $1}') # avoiding ... BAD ... !=
# change sha256sum for crc32 the whole baselining will go way faster
_SHA256=$(sha256sum --binary "${_IFL}")
_SHA256=$(echo "${_SHA256}" | awk '{print $1}')
_FILE_TYPE=$(file --brief "${_IFL}")
echo "\"${_IFL}\",\"${_MD5SUM}\",\"${_SHA256}\",\"${_FILE_TYPE}\""
~
right after I finish my base installation, I would run a script liek
the one above and keep the data in a pen drive i never use while
connected to the Internet, then if I suspect my box has been
compromised (well ...) I would take the hard drive out, mount it in
another box baseline the newest "moment" and compare the baselines to
beautifully see now they have been gradually messing with the data in
my hard drive (using a GUI with a hex viewer to compare the files
...)
Any ideas about how that kind of base lining could be improved, streamlined?
lbrtchx
