Ana səhifə

Custom Inventory to Generate and Collect md5 File Hashes White Paper


Yüklə 34.29 Kb.
tarix25.06.2016
ölçüsü34.29 Kb.






Custom Inventory to Generate and Collect MD5 File Hashes

White Paper

June 25, 2016


About Altiris


Altiris, Inc. is a pioneer of IT lifecycle management software that allows IT organizations to easily manage desktops, notebooks, thin clients, handhelds, industry-standard servers, and heterogeneous software including Windows, Linux, and UNIX. Altiris automates and simplifies IT projects throughout the life of an asset to reduce the cost and complexity of management. Altiris client and mobile, server, and asset management solutions natively integrate via a common Web-based console and repository. For more information, visit www.altiris.com.

NOTICE
INFORMATION IN THIS DOCUMENT: (I) IS PROVIDED FOR INFORMATIONAL PURPOSES ONLY WITH RESPECT TO PRODUCTS OF ALTIRIS OR ITS SUBSIDIARIES (“PRODUCTS”), (II) REPRESENTS ALTIRIS’ VIEWS AS OF THE DATE OF PUBLICATION OF THIS DOCUMENT, (III) IS SUBJECT TO CHANGE WITHOUT NOTICE, AND (IV) SHOULD NOT BE CONSTRUED AS ANY COMMITMENT BY ALTIRIS. EXCEPT AS PROVIDED IN ALTIRIS’ LICENSE AGREEMENT GOVERNING ANY PRODUCTS OF ALTIRIS OR ITS SUBSIDIARIES (“PRODUCTS”), ALTIRIS ASSUMES NO LIABILITY WHATSOEVER, AND DISCLAIMS ANY EXPRESS OR IMPLIED WARRANTIES RELATING TO THE USE OF ANY PRODUCTS, INCLUDING WITHOUT LIMITATION, WARRANTIES OF FITNESS FOR A PARTICULAR PURPOSE, MERCHANTABILITY, OR INFRINGEMENT OF ANY THIRD PARTY INTELLECTUAL PROPERTY RIGHTS. ALTIRIS ASSUMES NO RESPONSIBILITY FOR ANY ERRORS OR OMISSIONS CONTAINED IN THIS DOCUMENT AND ALTIRIS SPECIFICALLY DISCLAIMS ANY AND ALL LIABILITIES AND/OR OBLIGATIONS FOR ANY CLAIMS, SUITS OR DAMAGES ARISING FROM OR IN CONNECTION WITH THE USE OF, RELIANCE UPON OR DISSEMINATION OFTHIS DOCUMENT AND/OR THE INFORMATION CONTAINED HEREIN.
Altiris may have patents or pending patent applications, trademarks, copyrights, or other intellectual property rights that relate to the Products referenced herein. The furnishing of this document and other materials and information does not provide any license, express or implied, by estoppel or otherwise, to any foregoing intellectual property rights.
No part of this document may be reproduced, stored in a retrieval system, or transmitted in any form or by any means without the express written consent of Altiris, Inc.
Customers are solely responsible for assessing the suitability of the Products for use in particular applications. Products are not intended for use in medical, life saving, life sustaining, critical control or safety systems, or in nuclear facility applications.
Copyright © 2006, Altiris, Inc. All rights reserved.
Altiris, Inc.

588 West 400 South

Lindon, UT 84042
Phone: (801) 226-8500

Fax: (801) 226-8506


*Other company names or products mentioned are or may be trademarks of their respective owners.
Information in this document is subject to change without notice. For the latest documentation, visit www.altiris.com.



Contents
Summary i

Process i

Configuring the Process 3

Comparing Data 6

Summary

This process creates a MD5 hash of specified files, writes the data into a text file of INI format and runs custom inventory to post the data to the Altiris database.

The meat of this process is a shareware .dll available from Belus Technology at the following URL:



http://xstandard.com/get/vtnxsova/md5/. This .dll generates a MD5 hash for any specified file.

Process

The process has a number of steps that it follows. They are



  1. A DelFile VB script runs and creates a c:\md5hash.ini file. If the file already exists, it deletes it and then creates a new 0-byte file. To create the file in a different location or with a different name, change paths in the DelFile.vbs file contents shown below.

DelFile.vbs

Dim fso,objFile

set fso = createobject("scripting.filesystemobject")

fso.createtextfile "c:\md5hash.ini", True

If fso.fileexists("c:\md5hash.ini") then


fso.deletefile "c:\md5hash.ini", True

End If
fso.CreateTextFile "c:\md5hash.ini", True





  1. A MD5HashGen VB script runs. It registers the xmd5.dll, generates a MD5 for a specified file and writes the results out in INI format to the md5hash.ini file created by the DelFile VB script.

    Note: The MD5HashGen.vbs script must be modified to point to the path of the ini created by the DelFile.vbs script.

    The MD5HashGen script is currently configured to generate the hash for one file; however, it contains commented out data for an additional file and could further be modified for more files. The variable strFingerPrint1 holds the results for the first file. The variable strFingerPrint2 is currently commented out but would hold the results for the second file.





The MD5HashGen VB script writes the data out in INI format so that Custom Inventory can read it. [MD5 Hash] is the header section in the INI file that contains the data. “MD5 Hash for File1” will point to the hash data for the first file.

Note: You will want to modify File1 to specify the name of the file that this hash refers to.

The line that generates the hash of the second file is currently commented out.

MD5HashGen.vbs

Dim objMD5, strFingerPrint1, strFingerPrint2, objfile,fso, fs1

Set objShell = Wscript.CreateObject("Wscript.Shell")

Set fso = CreateObject("Scripting.FileSystemObject")

Set fs1 = CreateObject("Scripting.FileSystemObject")

path = fso.GetFile(WScript.ScriptFullName).ParentFolder

set objFile = fs1.OpenTextFile("c:\md5hash.ini",8,True)


objShell.run "regsvr32 """ + path + "\xmd5.dll"" -s",0,true

Set objMD5 = CreateObject("XStandard.MD5")

strFingerPrint1 = objMD5.GetCheckSumFromFile("C:\windows\system32\console.dll")

'strFingerPrint2 = objMD5.GetCheckSumFromFile("C:\Temp\console.dll")

'objShell.run "regsvr32 """ + path + "\xmd5.dll"" -u -s",0,true Set objMD5 = Nothing

If Err.Number <> 0 Then

objFile.WriteLine StrMachine & " " & Err.Number & " " & Err.Description & vbCRLR

'wscript.Echo strComputer & " " & Err.Number & " " & Err.Description & vbCRLR

Err.Clear

Else


objFile.WriteLine StrMachine & "[MD5 Hash]" & vbCRLR

objFile.WriteLine StrMachine & "MD5 Hash For File1 = " & strFingerPrint1 & vbCRLR

'WScript.Echo strComputer & "Original Hash = " & strFingerPrint1

'objFile.WriteLine StrMachine & "MD5 Hash for File2= " & strFingerPrint2 & vbCRLR

'WScript.Echo strComputer & "Original Hash = " & strFingerPrint2

End If




  1. Custom inventory runs via an inventory task. The INI file that AeXCustInv.exe uses is AeXInvMD5.ini and is shown below. It is created in the :\Program Files\Altiris\Notification Server\nscap\bin\win32\x86\Inventory Solution package folder.

    Wscript is used but this could also be modified to use cscript instead. It contains command lines for the two VB scripts. These two VB scripts and the xmd5.dll are located in a MD5 subdirectory under the Inventory Solution package folder. The xmd5.dll and the MD5HashGen.vbs files must be located in the same folder.



AeXCustInv.exe uses the AeXCustMD5.xml input file and creates an AeXMD5Hash.nsi output file in the C:\Program Files\Altiris\eXpress\Inventory folder on the Altiris client computer it is executed on.

AeXInvMD5.ini

wscript md5\delfile.vbs

wscript md5\md5HashGen.vbs

aexcustinv.exe /in AeXCustMD5.xml /out AeXMD5Hash.nsi

aexnsinvcollector.exe /hidden /nsctransport /v default /useguid


  1. AeXCustMD5.xml is also created in the \Program Files\Altiris\Notification Server\nscap\bin\win32\x86\Inventory Solution package folder. The inventory class name and table specified that will be created in the Altiris database is Inv AeX MD5 Hash.



This XML currently collects the data from the MD5Hash.ini for one file. The column in the AeX MD5 Hash table for this column will be “MD5 Hash for File1”. Modify File1 in the XML file to reflect the accurate name of the file it represents.

To modify the XML for a second hash located in the MD5Hash.ini, insert the following XML code into the XML file. Modify the MD5 Hash for for the correct file name.


="MD5 Hash for " rs:number="2" rs:keycolumn="false" mifAttrId="2">




The filepath in the XML points to "C:\MD5hash.ini" which is the location where the DelFile.vbs script creates it.

The XML is instructed that this is an INI file and to look in for the [MD5 Hash] header section of the ini file for the “MD5 Hash for file1” string. Modify this to reflect the exact name as shown in the MD5Hash.ini file.

To add the row for a second file’s hash data, insert the following XML code into the XML file.

c1="<%writexml "ini:%filepath%\[MD5 Hash]\MD5 Hash for file2"%>"

Be sure to modify the MD5 Hash for file2 to reflect the exact name as shown in the MD5Hash.ini file.


AexCustMD5.xml












="MD5 Hash for File1" rs:number="1" rs:keycolumn="true" mifAttrId="1">











<%set filepath="C:\MD5hash.ini"%>

c0="<%writexml "ini:%filepath%\[MD5 Hash]\MD5 Hash for file1"%>"

/>











  1. The AexNSInventory Collector takes the output AeXMD5Hash.nsi file and forwards it up to the Notification Server as an NSE which processes the data into the database.

  1. Configuring the Process

    Extract the contents of the MD5HashGen.zip file to a location on your Notification Server.

  2. Modify the DelFile.vbs, MD5HashGen.vbs, AeXInvMD5.ini, and AeXCustMD5.xml files for your configuration as explained in the Process section of this document.

  3. Create a MD5 folder under the Inventory Solution package folder on the Notification Server.

  4. Copy the DelFile.vbs, md5hashgen.vbs and xmd5.dll into this MD5 folder.






  1. Copy the AeXInvMD5.ini and AeXCustMD5.xml files into the Inventory Solution package folder.

  2. Open the Altiris Console and navigate to the Tasks > Assets and Inventory > Inventory > Windows > Inventory Tasks folder.

  3. Right-click on an existing task and click Clone.

  4. Rename the cloned task as “MD5 Hash” or something similar.

  5. Click Go to Program for the new task.






  1. Create a new program called MD5 Hash Generation.

  2. Create the command line of “AeXInvSoln.exe /hidden /s AeXInvMD5.ini”.

  3. Configure this to run normally using the System account.

  4. Click Update Distribution Point.

  5. Make sure that the task is associated with the new program.

  6. Schedule the task to run as desired.






  1. The clients will download the changes to the inventory package after their next client configuration requests and the new task will run according to its schedule.

Comparing Data

To compare the hashes in the database for these computers, a repository of correct hashes must be collected and maintained. There are numerous MD5 Hash generators on the Web. One such hash generator is HashCalc which is a freeware product that is easy to use. It can be downloaded from the following URL:

http://www.freedownloadscenter.com/utilities/misc__utilities/hashcalc.html

It has a user interface that allows you to browse to the desired files and run a number of different types of hashes on the file.



The data generated from this can be used to created reports to compare the data in the database.



You may want to create a separate database table as a repository for these known good MD5 hashes and use the contents of these tables in doing comparisons and creating reports.

© 2006 Altiris Inc. All rights reserved.


Verilənlər bazası müəlliflik hüququ ilə müdafiə olunur ©atelim.com 2016
rəhbərliyinə müraciət