SunSolve /etc Feature
The Solaris™ Fingerprint Database
An Identification Tool for Solaris Software and Files
 

The Solaris Fingerprint Database (sfpDB) is a new SunSolve service that enables you to verify the integrity of files distributed with the Solaris Operating Environment (for example, the /bin/su executable file), Solaris patches, and unbundled products such as SPARCcompilers.

Use this table to locate subjects in this article:

  • Why Should I Use Solaris Fingerprint Database?
    Describes the benefits of using Solaris Fingerprint Database
  • How Does Solaris Fingerprint Database Work?
    Explains how Solaris Fingerprint Database uses MD5 digital fingerprints to test file integrity
  • How Do I Use Solaris Fingerprint Database?
    Shows how to download and install the md5 program used to create MD5 digital fingerprints for use with Solaris Fingerprint Database
  • What Is the Scope of Solaris Fingerprint Database?
    Describes the goals and limitations of Solaris Fingerprint Database
  • Other Questions and Answers about Solaris Fingerprint Database
    Provides answers to commonly asked questions about Solaris Fingerprint Database

Why Should I Use Solaris Fingerprint Database?

You can use Solaris Fingerprint Database to verify that you are using a true file in an official binary distribution, and not an altered version that compromises system security and causes other types of problems.

If you suspect someone has altered your system without your authorization, you can use Solaris Fingerprint Database to check whether most operating-system files have been damaged or altered.

Solaris Fingerprint Database also helps us support you better by ensuring you are using a true binary from an official software distribution, and not a recompiled version that could introduce compatibility problems.

How Does Solaris Fingerprint Database Work?

Solaris Fingerprint Database compares the MD5 digital fingerprint that you submit with the trusted entry stored in the sfpDB, and it instantly identifies mismatches.

The MD5 digital fingerprint is a security device that indicates whether a file has been modified since the md5 program was run on it. It is virtually impossible to modify a file and retain the original MD5 digital fingerprint.

The sfpDB maps a digital fingerprint to a path name, package version/identifier, and product name. This is a one-to-many mapping, as some files occur in several products.

How Do I Use Solaris Fingerprint Database?

This section describes how to download and install the MD5 software used to create MD5 digital fingerprints for use with Solaris Fingerprint Database.

To Install the MD5 Program (SPARC and Intel Architecture)
  1. Download the MD5 binaries.
    The MD5 programs are distributed in compressed tar file format.
  2. Save the file to a directory (for example /usr/local or /opt).
  3. Unpack the archive:

    $ zcat md5.tar.Z | tar xvf -

    The archive contents are extracted, and an md5 directory containing the md5 program for SPARC and Intel Architecture hardware platforms is created.

Note - You can use Solaris Fingerprint Database to check the integrity of the md5 program itself.

To Create the MD5 Digital Fingerprint

The following is an example of how to use the md5 program to create an MD5 digital fingerprint:

$ /opt/md5/md5-sparc /usr/bin/su
MD5 (/usr/bin/su) = 8b98fb9c314bd5b378d9436b1617d014

You can also use the md5 program to create multiple MD5 digital fingerprints, as shown in this example:

$ /opt/md5/md5-sparc /usr/bin/su /usr/bin/ls
MD5 (/usr/bin/su) = 8b98fb9c314bd5b378d9436b1617d014
MD5 (/usr/bin/ls) = 351f5eab0baa6eddae391f84d0a6c192

Use the md5 program with the find(1) command to create MD5 digital fingerprints for files that have changed recently. This example creates MD5 digital fingerprints for files stored in the /usr/bin directory modified in the last day:

$ find /usr/bin -type f -mtime -1 -print | xargs -n100 /opt/md5/md5-sparc > /tmp/md5s.txt

The results contained in the /tmp/md5s.txt file can be easily reviewed and copied into the Solaris Fingerprint Database web form.

This example shows how to create MD5 digital fingerprints for the files stored in the /usr/bin directory:

$ find /usr/bin -type f -print | xargs -n100 /opt/md5/md5-sparc > /tmp/md5s.txt

To Test the MD5 Digital Fingerprint

To check the digital fingerprint against the trusted entry stored in the sfpDB:

  1. Visit the Solaris Fingerprint Database page.
    The Solaris Fingerprint web form is displayed.
  2. Copy and paste one or more MD5 digital fingerprints into the web form.
  3. Press submit to view the results.

    The following is an example of the results that are returned:

    Results of Last Search
    
    8b98fb9c314bd5b378d9436b1617d014 - (/usr/bin/su) - 1 match(es) 
             canonical-path: /usr/bin/su 
             package: SUNWcsu 
             version: 11.8.0,REV=2000.01.08.18.12 
             architecture: sparc 
             source: Solaris 8/SPARC 
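
Added example (not part of the original article or Sun's tooling): a POSIX shell function that cross-checks md5 output such as /tmp/md5s.txt against a saved copy of the web form results and lists the files the database did not positively identify. The function names, the saved results file, and the "0 match(es)" form for an unknown fingerprint are assumptions; the passwd and ps fingerprints are constructed sample values.

```shell
#!/bin/sh
# Added example, not Sun's code. Assumption: a fingerprint with no database
# entry is reported as "<hash> - (<path>) - 0 match(es)".

# sfp_unmatched MD5S_FILE RESULTS_FILE
# Prints "<hash> <path>" for each fingerprinted file that the saved results
# do not positively identify: 0 matches, or hash missing from the results.
sfp_unmatched() {
    awk '
        # Results file: remember every hash reported with >= 1 match.
        FILENAME == ARGV[1] {
            if (length($1) == 32 && $1 ~ /^[0-9a-f]+$/ &&
                $NF == "match(es)" && $(NF - 1) + 0 > 0)
                known[$1] = 1
            next
        }
        # md5 output: "MD5 (/path) = <hash>". Compare by hash only, since
        # the canonical path in the database need not match the local one.
        /^MD5 \(.*\) = [0-9a-f]+$/ {
            path = $0
            sub(/^MD5 \(/, "", path)
            sub(/\) = [0-9a-f]+$/, "", path)
            if (!($NF in known)) print $NF, path
        }
    ' "$2" "$1"
}

# Constructed sample data: the su entry is the article's own example; the
# passwd and ps fingerprints are made up for illustration.
sfp_demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/md5s.txt" <<'EOF'
MD5 (/usr/bin/su) = 8b98fb9c314bd5b378d9436b1617d014
MD5 (/usr/bin/passwd) = 0123456789abcdef0123456789abcdef
MD5 (/usr/bin/ps) = fedcba9876543210fedcba9876543210
EOF
    cat > "$dir/results.txt" <<'EOF'
    8b98fb9c314bd5b378d9436b1617d014 - (/usr/bin/su) - 1 match(es)
             canonical-path: /usr/bin/su
             package: SUNWcsu
    0123456789abcdef0123456789abcdef - (/usr/bin/passwd) - 0 match(es)
EOF
    sfp_unmatched "$dir/md5s.txt" "$dir/results.txt"
    rm -rf "$dir"
}

sfp_demo
```

A file listed by this check is not necessarily altered: it may belong to a product outside the database's scope, or its fingerprint may simply not have been pasted into the form.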
    

What Is the Scope of Solaris Fingerprint Database?

Our goal is to provide a comprehensive collection of digital fingerprints for Solaris software. To this end, the Solaris Fingerprint Database is updated daily, and it now contains close to 1 million digital fingerprints for files used in the Solaris Operating Environment, Solaris patches, and unbundled products.

Limitations

Currently, foreign language versions of the Solaris Operating Environment and many encryption products are not supported. If you would like to suggest a product to be added to sfpDB, please send email to fingerprints@sun.com.

Other Questions and Answers about Solaris Fingerprint Database

Why do some of the returned entries contain odd path names?

In the process of gathering fingerprint data for the entries, we discovered that many packages are not properly structured. Some path names may not be decided until installation time. For these path names, it is not possible to derive the file name as found installed on the system; some path names are wrong, and some will contain $SOMEVAR values to be expanded during installation.

In any case, if a file was positively identified, it was shipped on a CD by Sun. The pathname does not need to match.

Will Sun publish the full content of the database?

Sun is currently studying how best to publish the full content of the database as we realize that for some applications the web interface to a CGI program is too limiting.

 