Hash Checksum Validation: Ensuring File Integrity

What is a Checksum?

A checksum is a value generated from a file using a hashing algorithm that helps verify if a file has been altered or corrupted. It serves as a digital fingerprint for your files.

Why Checksums Matter

Using the checksums produced by hashing algorithms, we can:

    • Confirm that shared files maintain their integrity after their transfer
    • Detect accidental corruption or malicious modifications
    • Provide confidence that you’re using exactly what the author intended

Even minor changes to a file will produce a completely different checksum, making hash verification an effective way to verify file/system/network integrity.

Checksum Verification Methods

Windows (PowerShell)
Get-FileHash '.\filename.exe' -Algorithm SHA256 | Format-List

or

Get-FileHash '.\filename.exe' -Algorithm SHA256 | Select-Object Hash | FL


# To compare with a known checksum:
(Get-FileHash '.\filename.exe' -Algorithm SHA256).Hash -eq "expected-checksum-here"



    • Returns “True” if the checksums match
    • Returns “False” if there’s an integrity violation

* Replace '.\filename.exe' with '.\directoryname\' to run the cmdlet recursively. *

Linux/macOS (Bash)
# Generate a checksum:
sha256sum ./filename.txt

# Compare with a known checksum:
sha256sum ./filename.txt | grep "expected-checksum-here"



* Replace './filename.txt' with './directoryname' to run sha256sum recursively on the files within the specified directory. *

Python
  • See the “checksumValidation” repository on GitHub:
    https://github.com/Lunisolis/checksumValidation
    Be sure to use "" within your virtual environment to install the required Python libraries.

  • Initialize your virtual environment using Python3:
    python3 -m venv venvdirectory

  • Activate the newly created virtual environment in the current session:
    source ./venvdirectory/bin/activate

  • Install the requirements using pip3:
    pip3 install -r requirements.txt

  • Generate a checksum using the provided psScanner script:
    python3 psScannerV1.py -i ./filename.txt -o test

  • Archive the file (e.g., SCP the current hashes to a secured bastion log host):
    https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/4/html/system_administration_guide/configuring_an_openssh_client-using_the_scp_command
    The above article is supplementary until we release an internal article about secure file transfer, which will include SCP.

Run psScanner again:

python3 psScannerV1.py -i ./filename.txt -o test
  • After running the above script, be sure to archive the newly generated file to your bastion log host.

* Remember that we can also replace the file name with a directory name to automate the scanning of entire directories recursively. *

  • Run psValidator on the bastion host to compare the generated filename:hash files:
    python3 psValidatorV1.py -n ./newhash_filename.txt -o ./oldhash_filename.txt

By running psValidator on the bastion host against the previously archived files, we can easily check whether any files have changed since we took the initial baseline.
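
The baseline-and-compare workflow above, sketched as an added example. This is not the psScanner/psValidator code from the repository: the function names are hypothetical, and the manifest is an in-memory dict of relative path to SHA-256 rather than the scripts' own file format. It goes slightly beyond the single-file case by walking a directory tree and reporting modified, added and removed files separately.

```python
import hashlib
import os
import tempfile
from pathlib import Path


def sha256_file(path, chunk_size=1 << 20):
    """Stream the file in chunks so large files are never fully in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root):
    """Map each file path (relative to root) to its SHA-256, recursively."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            manifest[os.path.relpath(full, root)] = sha256_file(full)
    return manifest


def compare_manifests(old, new):
    """Report what changed between the archived baseline and a new scan."""
    return {
        "modified": sorted(p for p in old.keys() & new.keys() if old[p] != new[p]),
        "added": sorted(new.keys() - old.keys()),
        "removed": sorted(old.keys() - new.keys()),
    }


def demo():
    """Constructed sample data: baseline a temp tree, alter it, rescan."""
    with tempfile.TemporaryDirectory() as root:
        Path(root, "conf").mkdir()
        for rel, data in (("app.bin", b"v1"), ("conf/a.ini", b"x=1"), ("old.log", b"log")):
            Path(root, rel).write_bytes(data)
        baseline = build_manifest(root)  # in practice, archived off-host
        # Simulate drift: one file altered, one deleted, one introduced.
        Path(root, "app.bin").write_bytes(b"v2")
        os.remove(os.path.join(root, "old.log"))
        Path(root, "new.sh").write_bytes(b"echo hi")
        return compare_manifests(baseline, build_manifest(root))


if __name__ == "__main__":
    print(demo())
```

Reporting added and removed files matters as much as changed hashes: a comparison that only checks paths present in both manifests will miss a newly dropped file.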

Important Security Notes

While Python is useful for checksum verification, be mindful about its installation and accessibility on systems since it can also be exploited if misused. Only administrators should have access to run Python using escalated privileges, and only during times when they need it.

The provided Python scripts are effective at their intended purpose; however, there are much faster ways to accomplish this task. 

Stay tuned for another article and more to come in February! 

Share your thoughts about the article below!
