How to check the integrity of a set of files with md5deep
Pete.S last edited by Pete.S
Integrity of files
If you want to check the integrity of a bunch of files you can do it with
md5deep, which can be thought of as a recursive version of
md5sum. It was initially designed for forensic work.
If a file has the same hash as another file they are identical. If you save the md5 hash of a file and later recheck it, you can be sure the file hasn't been changed, corrupted or tampered with.
Installation on Debian
You'll find it in the package md5deep.
apt install md5deep
Inside the package you'll also find
sha256deepand some other good stuff. Use
sha256deepinstead if you want to use sha256 hash. It's better and actually more secure than md5 but might be slower. You use it in the exact the same way though.
Besides linux it's also available on other OSs such as Windows, MacOS. You can build it from source too. https://github.com/jessek/hashdeep
Create MD5 signatures
md5deep -rl /check_this_dir/* > files.md5
This will create a text file (files.md5) with the md5 hash of all files (*) in the "/check_this_dir" directory.
Check MD5 signatures
md5deep -rlX files.md5 /check_this_dir/*
It will return the files that don't match. So if any file has been changed, it will show up.
-ris to go into subdirectories as well
-lis to use local paths instead of absolute paths
-Xis to do check the signatures
-eis if you want to see the progress while it's working.
Find more info on basic usage with examples here:
Let's check that our files in /boot and it's sub-directories stays intact.
First let's create an md5 file that we will compare with.
md5deep -r /boot/ > boot.md5
Let's verify the files have not been tampered with.
md5deep -rX boot.md5 /boot/
If a file or several files has been changed it will return the file and the new hash (exit code 1).
If all is good it will not return anything (exit code 0).