
RE: Hard Drive Intergrety Status

Subject: RE: Hard Drive Intergrety Status
Date: Wed, 28 Sep 2005 20:57:33 -0400
Nico,

Are these workstations?
If yes do they get rebooted?
There are quite a few file changes on a reboot of an NT system.

If you download Log Parser from MSFT you could do either of the following:

LogParser "SELECT Path, HASHMD5_FILE(Path) INTO Hashes.csv FROM C:\*.*" -i:FS -recurse:0 -preserveLastAccTime:ON -o:CSV
(NOTE: Recurse the number of directories you want the results from; -1 is no
limit, and preserveLastAccTime keeps you from changing the files.)


Now if you kept a copy of all the files, you could match hashes of files
with something like this.


LogParser "SELECT HASHMD5_FILE(Path) AS Hash, COUNT(*) AS NumberOfCopies INTO CompareHashes.csv FROM C:\*.* GROUP BY Hash HAVING NumberOfCopies > 1" -i:FS -recurse:1 -preserveLastAccTime:ON -o:CSV

But many files will be changing on your systems all the time. Not sure if
this will help, but you asked for a way to do MD5 sums on the files.

Regards,


__________________________________________________
Dave Kleiman, CAS,CIFI,CISM,CISSP,ISSAP,ISSMP,MCSE

www.SecurityBreachResponse.com
 




-----Original Message-----
From: Nicolas Kramer [mailto:nicolaskf@gmail.com]
Sent: Wednesday, September 28, 2005 12:28
To: security-basics@securityfocus.com
Subject: Hard Drive Intergrety Status

Can anyone help me with an application or method that can
succeed in the following task.

Check about 60 computers on LAN and all same workgroup the local C:
harddisk for changes. And if any changes found (as minimal as
possible, like new folder or new suspicious files or
something) be reported to the server.

All the local HDDs are almost exactly the same if not exactly the same.
Server is running Win2003 and the clients are all WinNT.

Any idea how I can accomplish this task? (maybe like an MD5 sum
or something in that way (though MD5 is for files) or an
integrity checker, I heard about it but have no knowledge
about it, and Google isn't helping me out atm)

Thank you very much.
Nico

--
Nico
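
Added example (not part of either message above): one way to turn two runs of the first Log Parser query into a change report, comparing a stored baseline Hashes.csv against a fresh one and skipping files that are expected to change on reboot. The two-column layout with a header row, the sample rows, and the IGNORE patterns are assumptions constructed for illustration.

```python
import csv
import fnmatch
import io

# Constructed sample data in the assumed layout: path, MD5 hex digest.
BASELINE_CSV = """Path,Hash
C:\\boot.ini,0f343b0931126a20f133d67c2b018a3b
C:\\WINNT\\system32\\cmd.exe,5d41402abc4b2a76b9719d911017c592
C:\\WINNT\\system32\\notepad.exe,7d793037a0760186574b0282f2f435e7
C:\\pagefile.sys,
"""
CURRENT_CSV = """Path,Hash
C:\\BOOT.INI,0f343b0931126a20f133d67c2b018a3b
C:\\WINNT\\system32\\cmd.exe,e4d909c290d0fb1ca068ffaddf22cbd0
C:\\pagefile.sys,
C:\\Temp\\new.exe,9e107d9d372bb6826bd81d3542a419d6
"""

# Hypothetical ignore list: files expected to change on every reboot.
IGNORE = ["*\\pagefile.sys", "*.log", "*\\Temp\\*.tmp"]

def load_hashes(csv_text, ignore=()):
    """Return {lowercased path: hash}; Windows paths are case-insensitive."""
    reader = csv.reader(io.StringIO(csv_text))
    next(reader, None)  # skip the header row
    hashes = {}
    for row in reader:
        if len(row) < 2:
            continue  # malformed or empty line
        path, digest = row[0].strip().lower(), row[1].strip().lower()
        if any(fnmatch.fnmatchcase(path, pat.lower()) for pat in ignore):
            continue
        hashes[path] = digest
    return hashes

def diff_baseline(baseline, current):
    """Report paths added, removed, or changed relative to the baseline."""
    common = set(baseline) & set(current)
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "changed": sorted(p for p in common if baseline[p] != current[p]),
    }

def report(baseline_csv, current_csv, ignore=IGNORE):
    """Load both CSV texts with the ignore list applied and diff them."""
    return diff_baseline(load_hashes(baseline_csv, ignore),
                         load_hashes(current_csv, ignore))
```

Since the 60 disks are described as nearly identical, the same baseline can be compared against each client's CSV, with the ignore list tuned until a clean reboot produces an empty report.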



