Hello,
We're building some internal tooling to detect when a site may have been hacked. For that reason we're looking for a list of md5sums (or sha1, sha256 etc.) of known good magento files. Or possibly a location where we can download the latest version and make the sums ourselves.
Any ideas where we might be able to find this?
The sources for each magento version can be downloaded ... (i think you know where)
But for md5 checksum you can use the md5sum command on your favorite linux console.
The following command will give you a file named : checklist.chk with all files and md5's listed.
find -exec md5sum "{}" \; > checklist.chk
You can also pass params to the find command to exclude some or do any other logical opterations.
Hello,
Thanks for your reply. As far as I know the sources can be obtained trough the site but it requires login and some javascript interaction which makes it rather cumbersome to script pulling down new sources and adding md5sums as new versions become available. Are there any official http/ftp locations where the package can be downloaded? (Or a trustworthy mirror?)
There are also some github repos where vanilla Magento1 is available, and if you dont trust them you can make your own repository with vanilla code base in it. Than you can match again your own repo.