A trojan horse, or trojan is
In the checksum system, the data elements of a file are added together and run through an algorithm. The resulting number is a checksum, a type of signature for that file.
On the SunOS platform, the utility "sum" calculates and prints to STDOUT the checksums of the specified files, and the utility "cksum" calculates CRC values.
Although checksums are more reliable than time of last modification or file size, these too can be tampered with.
Most system administrators suggest that if you rely on a checksum system, your checksum list should be kept on a separate server or even a separate medium, accessible only by root and other trusted users.
In any event, checksums work nicely for checking the integrity of a file transferred, for example, from point A to point B, but that is the extent of it.
MD5
When one runs a file through an MD5 implementation, the signature emerges as a 32-character value. It looks like this:
2d50b2bffb537cc4e637dd1f07a187f4
Another use of MD5 is in the one-time password scheme S/Key, which is used primarily for remote logins. (Read "S/Key Overview" at http://medg.lcs.mit.edu/people/wwinston/skey-overview.html)
SHA-1
SHA-1 (Secure Hash Algorithm) is a message digest algorithm, designed by the NSA for the Digital Signature Standard, which produces 160-bit output. For details, see FIPS 180-1. SHA-1 is considered much stronger than MD5.
TripWire
TripWire is a comprehensive system-integrity tool. The program reads your environment from a configuration file. That file contains all filemasks (the types of files that you want to monitor). This system can be quite incisive. For example, you can specify what changes can be made to files or directories of a given class without TripWire reporting the change.
The original values (digital signatures) for these files are kept within a database file. That database file (simple ASCII) is accessed whenever a signature needs to be calculated.
Hash functions included in the distribution are: MD5, MD4, CRC32, MD2, Snefru, SHA.
TripWire is a magnificent tool, but there are some security issues. Its databases can be altered by a cracker. Therefore, it is recommended that the database be stored in a secure place, and perhaps on read-only media. Another issue is that files might have been tampered with even before TripWire is run.
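The baseline-and-compare idea behind the checksum list and the TripWire database, as an added example (not TripWire's own code or database format). It shows a replaced file whose size and modification time are unchanged still being caught by its SHA-1 digest. The file names and contents are constructed, and the baseline is held in memory here where a real one would be stored on a separate or read-only medium.

```python
import hashlib
import os
import tempfile

def digest(path, algo="sha1"):
    """Hash a file in chunks so large binaries need not fit in memory."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def snapshot(root, algo="sha1"):
    """Map each file under root (relative path) to (size, mtime, digest)."""
    db = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            st = os.stat(full)
            rel = os.path.relpath(full, root)
            db[rel] = (st.st_size, int(st.st_mtime), digest(full, algo))
    return db

def compare(baseline, current):
    """Return sorted lists of added, removed and content-changed paths."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    changed = sorted(p for p in baseline.keys() & current.keys()
                     if baseline[p][2] != current[p][2])
    return added, removed, changed

def demo():
    """Constructed scenario: a file is replaced, keeping size and mtime."""
    with tempfile.TemporaryDirectory() as root:
        target = os.path.join(root, "login")      # hypothetical monitored file
        with open(target, "wb") as f:
            f.write(b"original binary\n")
        os.utime(target, (1000000000, 1000000000))
        baseline = snapshot(root)                  # taken on a known-good system
        with open(target, "wb") as f:
            f.write(b"modified binary\n")          # same length as the original
        os.utime(target, (1000000000, 1000000000)) # mtime put back
        with open(os.path.join(root, "extra"), "wb") as f:
            f.write(b"new file\n")
        current = snapshot(root)
        same_meta = baseline["login"][:2] == current["login"][:2]
        return same_meta, compare(baseline, current)

if __name__ == "__main__":
    print(demo())
```

The comparison is only as trustworthy as the baseline: a snapshot taken after a file was already replaced records the replaced file as good.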