Linux file checksums MD5 - SHA1

Posted on 7:31 PM by Bharathvn

When files such as software packages and CD or DVD images are shared over the
Internet, often a SHA1SUM or MD5SUM file is published with it. Those files contain
checksums that can be used to make sure that the file you downloaded is exactly the
one that the repository published.

The following are examples of the md5sum and sha1sum commands being used to
produce checksums of files:

$ md5sum whatever.iso
d41d8cd98f00b204e9800998ecf8427e whatever.iso

$ sha1sum whatever.iso
da39a3ee5e6b4b0d3255bfef95601890afd80709 whatever.iso

Which command you choose depends on whether the provider of the file you are
checking distributed md5sum or sha1sum information. For example, here is what
the md5sum.txt file for the Ubuntu Feisty distribution looked like:

90537599d934967f4de97ee0e7e66e6c ./dists/feisty/main/binary-i386/Release
c53152b488a9ed521c96fdfb12a1bbba ./dists/feisty/main/binary-i386/Packages
ba9a035c270ba6df978097ee68b8d7c6 ./dists/feisty/main/binary-i386/Packages.gz
...

To verify only one of the files listed in the file, you could do something like the following:

$ cat md5sum.txt | grep Release.gpg |md5sum -c
./dists/feisty/Release.gpg: OK

If you had an SHA1SUM file instead of a md5sum.txt file to check against, you could
use the sha1sum command in the same way. By combining the find command described earlier in this chapter with the md5sum command, you can verify any part of your file system. For example, here’s how to create an MD5 checksum for every file in the
/etc directory so they can be checked later to see if any have changed:

$ sudo find /etc -type f -exec md5sum {} \; > /tmp/md5.list 2> /dev/null

The result of the previous command line is a /tmp/md5.list file that contains a 128-bit checksum for every file in the /etc directory. Later, you could type the following command to see if any of those files have changed:

$ cd /etc

$ md5sum -c /tmp/md5.list | grep -v ‘OK’
./hosts.allow: FAILED
md5sum: WARNING: 1 of 1668 computed checksums did NOT match

As you can see from the output, only one file changed (hosts.allow). So the next
step is to check the changed file and see if the changes to that file were intentional.