Scan MD5 file information

(imported topic written by Lmt)

Hello,

On TCM there is an option to scan for basic file information using the MD5 option.

All target file paths and descriptions, with their MD5 checksum values, are stored in the UNMATCHED_FILES, FILE_PATH and FILE_DESC tables.

How can it be done in BigFix (in TCM it's out of the box)?

Thanks,

(imported comment written by NoahSalzman)

You can certainly grab the SHA1 of a file and store it somewhere. We generally advise against scanning all the files on a disk. Are you looking for a particular set of files to scan?

In any case, here is a simple example.

q: (pathname of it, sha1 of it) of files of folder "c:\windows"

A: c:\windows\bfsvc.exe, f8be945bc873ba28720bb9dea01b7b9b36a471f6

A: c:\windows\bootstat.dat, bbdd06e7e944e8e72dd820ea4e8b0ff45796480f

A: c:\windows\certutil.log, 7c97aba99be83a83016316e455016bf47a7f213e

A: c:\windows\DtcInstall.log, 5dface5aaed125bce5ed5a2919d0d0454ab4f55a

A: c:\windows\explorer.exe, 4b3bd605b63749ff255e048ca6f27aff95aec24a

A: c:\windows\fveupdate.exe, 2ab2f12c0ec5ca452c63a4a59d55d6a03b4b498b

A: c:\windows\HelpPane.exe, fb2b64805e8ef1afa11439589a172603a881dd3f

And, if you are looking for checking hashes from a known list of files here is a related post:

http://www.ibm.com/developerworks/forums/thread.jspa?threadID=418040

(imported comment written by Lmt)

Hi Noah,

And thanks for your post.

This is not what I am looking for. (I probably was not clear enough.)

I am looking for a way to collect all files (name, path and MD5 checksum value) from target computers (all Agents) and store them in an SQL table (under the BigFix database).

We want to upgrade our Tivoli TCM to BigFix. (On TCM this option is out of the box.)

And we wonder if it is possible to do this in BigFix.

We are using this to look for changes in files, for security reasons.

Thanks.

(imported comment written by NoahSalzman)

You can do it, but you probably should not do it.

There is a way to scan all files and gather their hashes (as demonstrated, in part, above). There is a way to store user-defined data in the TEM database (either as a Property or as an Analysis). However, we recommend against storing “giant blobs of data” about each computer in the TEM database itself.

Also, we really recommend against using the Agent to scan “all files on the disk” as this locks up the Agent from doing more important things. So, the recommended course would be to:

  1. create a batch file that does the scanning (this frees up the Agent to do its normal work)

  2. the batch file saves the data to a file

  3. use the Upload Manager to upload that file to the server

  4. import those files into a different database than the TEM database

If you just wanted the info on 1000 files or less stored, I’d probably say “OK, do it”. But, the average computer has in excess of 10K files, right?
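The course recommended above (scan outside the Agent, save the result to a file, import it into a database other than the TEM database), as an added Python example that is not part of the thread and not BigFix code. The scanner stands in for the batch file and SQLite for the separate database; the Upload Manager step is left out, and the function names, the `file_hash` table and the SHA-256 default are assumptions.

```python
# Added example: function names, table layout and SQLite are assumptions, not BigFix APIs.
import csv, hashlib, os, sqlite3

def scan(root, out_csv, algo="sha256"):
    """Steps 1-2: hash every file under root and save path,digest rows to a file."""
    count = 0
    with open(out_csv, "w", newline="", encoding="utf-8") as out:
        writer = csv.writer(out)
        for dirpath, _dirs, names in os.walk(root):
            for name in names:
                path = os.path.join(dirpath, name)
                digest = hashlib.new(algo)
                try:
                    with open(path, "rb") as f:
                        for chunk in iter(lambda: f.read(1 << 20), b""):
                            digest.update(chunk)
                except OSError:
                    continue  # locked or unreadable file: leave it out of this scan
                writer.writerow([path, digest.hexdigest()])
                count += 1
    return count

def import_scan(db, computer, scan_id, csv_path):
    """Step 4: load one uploaded scan file into a reporting database."""
    db.execute("""CREATE TABLE IF NOT EXISTS file_hash (
        computer TEXT, scan_id INTEGER, path TEXT, digest TEXT,
        PRIMARY KEY (computer, scan_id, path))""")
    with open(csv_path, newline="", encoding="utf-8") as fh:
        db.executemany("INSERT INTO file_hash VALUES (?, ?, ?, ?)",
                       ((computer, scan_id, p, d) for p, d in csv.reader(fh)))
    db.commit()

def changes(db, computer, old, new):
    """List (path, status) for files added, modified or removed between two scans."""
    return db.execute("""
        SELECT n.path, CASE WHEN o.path IS NULL THEN 'added' ELSE 'modified' END
          FROM file_hash n LEFT JOIN file_hash o
            ON o.computer = n.computer AND o.path = n.path AND o.scan_id = ?
         WHERE n.computer = ? AND n.scan_id = ?
           AND (o.path IS NULL OR o.digest <> n.digest)
        UNION ALL
        SELECT o.path, 'removed' FROM file_hash o
         WHERE o.computer = ? AND o.scan_id = ?
           AND NOT EXISTS (SELECT 1 FROM file_hash n WHERE n.computer = o.computer
                            AND n.scan_id = ? AND n.path = o.path)
         ORDER BY 1""", (old, computer, new, computer, old, new)).fetchall()
```

Comparing two scan ids per computer in the reporting database gives the change report without keeping any per-file rows in the management database.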

(imported comment written by Lmt)

Hi Noah,

Average computer has 50K files.

I didn't know about this Upload Manager tool, and it seems to be a good solution for us.

Doesn't BigFix know how to store the data in the DB? (Why do I have to parse the collected file?)

Does BigFix have a comprehensive solution, something like a custom MIF file scan (TCM)?

http://www.ibm.com/developerworks/tivoli/library/t-scans/

Thanks,

(imported comment written by NoahSalzman)

BigFix will happily store data in the DB in the form of Properties, Notes, and Analysis results that you define… even lists of files. The system was not designed to store the amount of data you want to store (and still function properly as a real-time management tool). There is a reason why you don’t find any sports cars that are designed to pull caravans.

What is the problem you are trying to solve? Why do you need to track every file on every computer?

(imported comment written by NoahSalzman)

One thing I failed to mention is that our Software Use Analysis product is a datawarehouse-type product and includes a file scanner which could probably do what you are asking about. It might be worth looking into.

http://www-01.ibm.com/software/tivoli/products/endpoint-software-use-analysis/

(imported comment written by Lmt)

We need to track files for changes (made by a virus or worm).

Today we are analysing this data (collected by TCM) with IBM Cognos.

We need to do the same with BigFix; otherwise BigFix cannot be an alternative to TCM.

10x.