PS Script: Create and Validate File hashes – be sure nobody is changing your files

Do you know that feeling when you have delivered a good working script and a few weeks later someone comes up to you saying “It ain`t working”. Or that time that someone else of your team changed some code over night and some parts  of your nice working tool ain’t working anymore. For these reason I have developed 2 functions so you can compute file hashes and validate if your files have been changed. Other use cases for these functions are :

  • Validating if a user changed his profile picture for applications that store the picture on a file share.
  • Validating what files have changed after a update of a program.

 

With the first function you can create file hashes of a single file or a entire folder with subfolders. The hashes and the file path will be saved in a csv file so you can use them later to validate if something has been changed. The functions support the following hash algorithms: “SHA1″,”SHA256″,”SHA384″,”SHA512″,”MACTripleDES”,”MD5″,”RIPEMD160″. Because you calculate a file hash you can even move the files from one computer to the next and still validate if the files are integer. Do note the files need to be on the same location or you have to replace the location in the csv integrity file.

You can find the script in the TechNet gallery or under the script section of this site.

The Help content of the function Create-FileIntegrityhash:

 

The Help content of the function Validate-FileIntegrityhash:

Lets see the script in to action

For this demo part I use my team fortress install in my Y: drive. ( If you don’t know what team fortress is you missed something somewhere : ) ). This folder contains 1200+ files and has a total size of 18 GB of data. As you can imagine finding a changed bit in that is like finding a needle in a hay stack. First we unleash the “Create-FileIntegrityhash”. We feed it the parameters for the path, the algorithm “md5” and a custom location for the integrity file.

 

It took only 1,5 minute to create the csv. As you can see in the sample above the csv contains the hash algorithm, the hash and the location of the file. This is all the data we need to do a verification of what changed later on. For now I go in to one of the sub folders and remove the file “hl2_sound_misc_dir.vpk”. Secondly I opened the steam_appid.txt and incremented the value 440 to 441 a very minor change to the file.

Next we run the “Validate-FileIntegrityHash -path $TF2path -Algorithm “md5” -integrityfile “.\integ.csv”

As you can see in the sample output the function will first report all files that are the same, followed by new or changed files, followed by the removed files.

Script parameters for the function: Create-FileIntegrityhash

Parameter      Type        Description
-path          String      This is the root folder or FQDN to a single
                           file that should be processed.
                           Default is current directory

-exclude       array       Filter out multiple exclusions. examples
                           "*.txt" Don`t include text files 
                           "*.txt","1*" Don`t include text files or
                           files that stat with 1

-filter        string      A single filter of what should be 
                           processed
                           "*.txt" Only process text files 

-algorithm     string      "SHA1","SHA256","SHA384","SHA512"
                           ,"MACTripleDES","MD5","RIPEMD160"
                           Default is "SHA512"

-integrityfile string      Filename and location where the output csv
                           should be stored.
                           This should allways end in ".csv"
                           Default is ".\FileIntegrityHash.csv"

Script parameters for the function: Validate-FileIntegrityhash

Parameter      Type        Description
-path          String      This is the root folder or FQDN to a single
                           file that should be processed
                           Default is current directory

-exclude       array       Filter out multiple exclusions. examples
                           "*.txt" Don`t include text files 
                           "*.txt","1*" Don`t include text files or 
                           files that stat with 1

-filter        string      A single filter of what should be
                           processed
                           "*.txt" Only process text files 

-algorithm     string      "SHA1","SHA256","SHA384","SHA512"
                           ,"MACTripleDES","MD5","RIPEMD160"
                           Default is "SHA512"

-integrityfile string      Filename and location where the input
                           csv is located
                           This should allways end in ".csv"
                           Default is ".\FileIntegrityHash.csv"

-Outputfile    string      Optional: if defined the filename of the
                           report. A copy of the report will be 
                           saved here

I hope you find some nice use cases for these functions as they have helped me in the past solve some nice issues and feel free to change the report format to your needs.

Greetings

Martijn van Geffen

 

4 Comments

  1. -

    Why not just use DSC file resource with the Checksum parameter?

    Reply
  2. -

    Hi BC,

    DSC is a great functionality but this is more about a sign once and distribute functionality. Just like internet downloads often come with MD 5 hash.
    Or when you deliver script code in a project and hand it over to operations.
    Or when you want to monitor large amount of files for change and upon change you want to initiate action X.
    In most of these cases DSC can not be used and you need a other mechanism.

    Reply
  3. -

    Hello Martijin,
    Your idea for the Script is great! It works great for a local validation. But I have a slightly different Scenario. I have some files, which source is on a Network drive, and I want to validate them with the local files of the client. Your script says after a validation, the files on der Client are new and the files from the integrity file are removed. The MD5 for both files are the same, but the location(path) is different.

    sum up: The intergrity of the file is given, when path and algorithm-sum are the same.

    Have a nice day!
    Greetings

    Reply
  4. -

    Thanks da_k3ks,

    I will look in to a option to include the path so the script becomes intelligent at the root path. I cant promise any updates on a short term but I might include it into a new release.

    kind regards,
    Martijn van geffen

    Reply

Leave a Reply to da_k3ks Cancel reply

Your email address will not be published. Required fields are marked *