Verifying integrity of the tar balls or source code is an essential step, which makes sure that you are going to use guanine software (also know as checksum). Every Linux or UNIX admin should be aware of this test. However, what is a checksum? A checksum is a form of a very simple measure for protecting the integrity of data from both hackers (read as crackers) and data transmission error over network i.e. make sure no one has tampered with a source file (see checksum @ wikipedia) For file verification, use any one of the following command:
- sha1sum - check SHA1 (160-bit) checksums
- md5sum - check MD5 (128-bit) checksums
- gpg - Use to validate a GPG certificate
Therefore, whenever you visit source-code download site, you will come across md5sum, sha1sum, or gpg signature keys listed. Following is general syntax to verify keys with different commands:
- sha1sum {source-code-file-name}
- md5sum {source-code-file-name}
- gpg --verify {source-code-file-name.sig} {source-code-file-name}
Examples ~ sure, without examples no one able to grasp the idea:
- Howto: Verify integrity of the tar balls with sha1sum command
- Howto: Verify integrity of the tar balls with md5sum command
- Howto: Verify integrity of the tar balls with gpg command
Featured Articles:
- 20 Linux System Monitoring Tools Every SysAdmin Should Know
- 20 Linux Server Hardening Security Tips
- Linux: 20 Iptables Examples For New SysAdmins
- My 10 UNIX Command Line Mistakes
- 25 PHP Security Best Practices For Sys Admins
- The Novice Guide To Buying A Linux Laptop
- Top 5 Email Client For Linux, Mac OS X, and Windows Users
- Top 20 OpenSSH Server Best Security Practices
- Top 10 Open Source Web-Based Project Management Software
Facebook it - Tweet it - Print it -
We're here to help you make the most of sysadmin work. So, subscribe!
{ 2 comments… read them below or add one }
Interesting stuff, Keep it up good work
ah, what a guanine-ly helpful article…