Auditor Help: Using Checksum

For even more thorough change tracking and security management, Ecora allows you to define files that Ecora will checksum (using md5) and include in your reports.

To specify which files to checksum, you can either create one list in a "global" Checksum.xml file or create individual files by system. The software will use either the global or specific file (or both) based on whether or not the Use Global Checksum option is checked in the system specification dialog box.

The Checksum Files for Local Device. Defined By: field defines the path to a local file, such as
Unix:
   /home/someuser/etc/somename.xml
Windows:
   c:\somepath\somename.xml

The global file must be located in the /etc subdirectory of the installation directory, such as Ecora for Unix/etc/Checksum.xml.

Checksum.xml contains the path to the executable (such as md5) and the filename.

The following example shows the file format:

<checksum>
   <path pathname="/opt/md5/bin/md5"/>
   <file filename="/bin/egrep"/>
   <file filename="/bin/ps"/>
</checksum>

The above file would result in the files egrep and ps in the /bin subdirectory to be checksumed using the /opt/md5/bin/md5 executable. A Checksum node will appear in the report, with a page containing a table of each filename and the checksum value (as shown above).

A notable difference between the system-specific and the global checksum.xml is that, if a path to the md5 executable is defined for that system, it will be used to get the checksum for both the specific and global files.

Example:

<checksum>
   <path pathname="/usr/local/bin/md5" />
   <file filename="/bin/egrep" />
   <file filename="/bin/ps" />
</checksum>

will cause the software to execute:

"/usr/local/bin/md5 /bin/egrep"
"/usr/local/bin/md5 /bin/ps"
"/usr/local/bin/md5 file defined by global Checksum.xml"

Note! Note: If the path is not provided in the file for each system and no path is defined in the System Specification dialog box, the default would be:

   "md5 /bin/egrep"
   "md5 /bin/ps"
   etc.

The software will attempt to use md5, which can cause errors in the report.