How to check the integrity of a set of files with md5deep



  • Integrity of files

    If you want to check the integrity of a bunch of files you can do it with md5deep, which can be thought of as a recursive version of md5sum. It was initially designed for forensic work.

    If a file has the same hash as another file, they are identical. If you save the md5 hash of a file and later recheck it, you can be sure the file hasn't been changed, corrupted or tampered with.

    Installation on Debian

    You'll find it in the package md5deep.

    apt install md5deep
    

    Inside the package you'll also find sha256deep and some other good stuff. Use sha256deep instead if you want SHA-256 hashes. SHA-256 is better and actually more secure than MD5, which is no longer collision-resistant, but it might be slower. You use it in exactly the same way though.

    Besides Linux, it's also available on other operating systems such as Windows and macOS. You can build it from source too: https://github.com/jessek/hashdeep

    Create MD5 signatures

    md5deep -rl /check_this_dir/* > files.md5
    

    This will create a text file (files.md5) with the md5 hash of all files (*) in the "/check_this_dir" directory.

    Check MD5 signatures

    md5deep -rlX files.md5 /check_this_dir/*
    

    It will return the files that don't match. So if any file has been changed, it will show up.

    Common Options

    -r is to go into subdirectories as well
    -l is to use local paths instead of absolute paths
    -X is to check the signatures

    -e is if you want to see the progress while it's working.

    Find more info on basic usage with examples here:
    http://md5deep.sourceforge.net/start-md5deep.html#basic

    Example

    Let's check that our files in /boot and its subdirectories stay intact.

    First let's create an md5 file that we will compare with.

    md5deep -r /boot/ > boot.md5
    

    Let's verify the files have not been tampered with.

    md5deep -rX boot.md5 /boot/ 
    

    If a file or several files have been changed, it will return the file and the new hash (exit code 1).
    If all is good it will not return anything (exit code 0).
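
The -X check above matches on hash only, so a deleted file, or a file overwritten with the contents of another file already in the list, is not reported. The following is an added example, not part of the original page or the md5deep project: it audits a manifest in the same "hash  path" layout by path. It assumes a manifest with relative paths created from inside the directory and stored outside it, uses md5sum and find so it runs without md5deep installed, and the names audit_manifest and demo are hypothetical.

```bash
#!/usr/bin/env bash
# Added example. Path-aware audit of a manifest in the "hash  path" layout.
# Assumes file names without newlines or backslashes, and a manifest that
# is kept outside the audited directory.

# audit_manifest MANIFEST DIR
# Prints one line per CHANGED, MISSING or NEW file (paths relative to DIR).
# Returns 0 if the tree matches the manifest, 1 if not, 2 on error.
audit_manifest() {
    local manifest="$1" dir="$2" current report
    [ -r "$manifest" ] && [ -d "$dir" ] || return 2
    current=$(mktemp) || return 2
    # Hash the tree as it is now; md5sum prints the same two-column layout.
    (cd "$dir" && find . -type f -exec md5sum {} +) > "$current" \
        || { rm -f "$current"; return 2; }
    report=$(awk '
        !NF { next }                                      # ignore blank lines
        { hash = $1; path = substr($0, length($1) + 3) }  # skip hash + 2 spaces
        FILENAME == ARGV[1] { known[path] = hash; next }  # baseline manifest
        {
            seen[path] = 1
            if (!(path in known))         print "NEW " path
            else if (known[path] != hash) print "CHANGED " path
        }
        END { for (p in known) if (!(p in seen)) print "MISSING " p }
    ' "$manifest" "$current" | sort)
    rm -f "$current"
    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}

# Constructed demo tree: build a baseline, then alter it in three ways.
demo() {
    local work rc=0
    work=$(mktemp -d) || return 2
    mkdir -p "$work/tree/sub"
    echo "kernel image" > "$work/tree/vmlinuz"
    echo "boot config"  > "$work/tree/sub/grub.cfg"
    echo "old initrd"   > "$work/tree/initrd.img"
    (cd "$work/tree" && find . -type f -exec md5sum {} +) > "$work/files.md5"
    cp "$work/tree/vmlinuz" "$work/tree/sub/grub.cfg"  # content already in list
    rm "$work/tree/initrd.img"                         # deleted file
    echo "dropped" > "$work/tree/sub/extra"            # new file
    audit_manifest "$work/files.md5" "$work/tree" || rc=$?
    rm -rf "$work"
    return "$rc"
}
```

Source the file and run `demo` to see the three report lines, or call `audit_manifest files.md5 /check_this_dir` against a manifest made with `cd /check_this_dir && md5deep -rl . > /path/outside/files.md5`.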