Howto: Verify Downloaded Linux / BSD DVD or CD ISO images for integrity

Posted on in Categories CentOS, Debian Linux, Howto, Linux, Linux distribution, RedHat/Fedora Linux, Security, Sys admin, Tip of the day, Ubuntu Linux, UNIX last updated July 26, 2007

You need to verify that that downloaded Linux DVD or ISO images are intact before you burn and use them. This is security feature. But how do you verify ISO images?

Answer is quite simple use md5sum command to compute and check MD5 message digest.

Why verify ISO images?

a) To protect yourself
b) Verify that a file has not changed as a result of file transfer, disk error, cracker attacks, etc.

How does it work?

When you run md5sum command on ISO file, you get checksum (or hash) on screen. You need to compare this checksum with original. It works as a compact digital fingerprint of a file. You can then compare the MD5 hash of your download ISO file, to the known good hash of the file you are checking. If the two values match, you are safe and use the ISO image.


Let us download FreeBSD ISO image:
$ cd /tmp
$ wget

Next download MD5 checksum:
$ wget

Generate MD5 hash for ISO image

$ md5sum 6.2-RELEASE-i386-bootonly.iso

4e8701ac951bc4537f8420fdac7efbb5  6.2-RELEASE-i386-bootonly.iso

Verify ISO image

See the known good hash of the file (6.2-RELEASE-i386-bootonly.iso):
$ md5sum -c CHECKSUM.MD5

6.2-RELEASE-i386-bootonly.iso: OK

You can also use following command for the same purpose:

A note for Windows XP / Vista users

Download of the day: AcetoneISO – extract, browse ISO and other CD/DVD formats under Linux

Posted on in Categories Data recovery, Debian Linux, Download of the day, File system, Gentoo Linux, GNU/Open source, Howto, Linux, Linux desktop, RedHat/Fedora Linux, Suse Linux last updated April 18, 2007

AcetoneISO is the disk image emulator that mounts images of DVD and CD media. Both Mac OS X and Linux / other UNIX like oses can mount and use ISO images using loopback device. It is a DAEMON Tools (Microsoft Windows disk image) clone / emulator program with a lot more features.

Using this cool open source software means a user does not have to swap discs to run different programs on local or network computer. You can access software distributed (over Internet) as a disk image such as ISO, DAA, BIN or many other formats (no need to burn a CD/DVD to use disk image). Other usage:

  • Prevent scratching, which can cause permanent damage to a disc
  • Speeds up access times as hard drives are faster than optical drives
  • Provides a backup copy of a disc, in case the original becomes damaged, lost, or stolen


  • Mount and Unmount ISO, MDF, NRG (if iso-9660 standard)
  • Burn Your ISO, CUE, TOC images directly in K3b
  • Blank Your CD/DVD ReWritable
  • Verify md5sum of image files and Generate a Md5sum file from ISO
  • Ability to create ISO from Folder and CD/DVD
  • Service-Menu support
  • Play a DVD-Movie ISO with Kaffeine, Mplayer, VLC, Kmplayer
  • Split ISOs in smaller files and Merge them
  • Quick Turbo Mount an ISO file from your Desktop
  • Compress ISO with p7zip and extract
  • Encrypt and Decrypt an ISO
  • Generate a CUE file from a IMG/BIN image
  • Rip a PSX cd to a bin/toc image

AcetoneISO has only one dependencies problem – Kommander. Make sure you have Kommander installed.

Step # 1: Install kommander

Use apt-get command to install kommander ( it consists of an editor and a program executor that produce dialogs that you can execute), which is required by AcetoneISO. You also need p7zip (a file archiver with highest compression ratio) to compress and extract ISO images. Use apt-get command under Debian or Ubuntu Linux as follows:
# apt-get install kommander p7zip
$ sudo apt-get install kommander p7zip

Step # 2: Install AcetoneISO

Download source code or Debian .deb or Suse/Redhat RPM file from official website. Use apt-get / rpm command. Use apt-get command to install .deb file:
# apt-get install AcetoneISO-6.7.deb
OR use rpm package for RPM based distro:
# rpm -ivh AcetoneISO-6.7.noarch.rpm

Step # 2: Start AcetoneISO program

Simply type the command or click on Application > Accessories > AcetoneISO:
$ acetoneiso &
AcetoneISO - extract, browse ISO and other CD/DVD formats under Linux


Howto: Verify integrity of the tar balls or source code

Posted on in Categories Linux, Security, Tips, UNIX last updated December 2, 2005

Verifying integrity of the tar balls or source code is an essential step, which makes sure that you are going to use guanine software (also know as checksum). Every Linux or UNIX admin should be aware of this test. However, what is a checksum? A checksum is a form of a very simple measure for protecting the integrity of data from both hackers (read as crackers) and data transmission error over network i.e. make sure no one has tampered with a source file (see checksum @ wikipedia) For file verification, use any one of the following command:

  1. sha1sum – check SHA1 (160-bit) checksums
  2. md5sum – check MD5 (128-bit) checksums
  3. gpg – Use to validate a GPG certificate

Therefore, whenever you visit source-code download site, you will come across md5sum, sha1sum, or gpg signature keys listed. Following is general syntax to verify keys with different commands:

  • sha1sum {source-code-file-name}
  • md5sum {source-code-file-name}
  • gpg –verify {source-code-file-name.sig} {source-code-file-name}

Examples ~ sure, without examples no one able to grasp the idea:

How To Verify Integrity of The Tar Balls With md5sum Command

Posted on in Categories Howto, Linux, Security, Tips, Troubleshooting, UNIX last updated December 2, 2005

md5sum command is use to check or print MD5 (128-bit) checksums. For example purpose download your favorite Linux distribution from Linux distribution web site / project site. Now you will need to to check md5sum on a Linux ISO file.

1) Download Debian linux # 1 ISO please note down md5sum listed next to each ISO file with the help of wget command:
$ wget

2) Verify integrity of a Linux iso:
$ md5sum isofile.iso

a0b162e26281ef097ee8b39b8690a8c2 isofile.iso

Compare output (a0b162e26281ef097ee8b39b8690a8c2) with key listed online at’s site.

You can read MD5 sums from the FILEs and check them:
$ md5sum -c xcache-1.2.2.tar.gz.md5.txt
Sample output:

xcache-1.2.2.tar.gz: OK

Online References: